This isn’t Wittmann’s first effort to show safety programs throughout the sector. She has pledged to “expose the organised crime enablement schemes” she believes have been created by the MGA.
A self-described German safety researcher has claimed accountability for breaching the Malta Gaming Authority’s (MGA) programs, reportedly having access to delicate information together with operator compliance recordsdata and participant information.
Lilith Wittmann, who presents herself as an moral hacker, alleged final week through a social media submit, that was subsequently eliminated, that she held materials linking the regulator to organised crime inside Malta’s playing sector.
In a public assertion on 17 March the MGA recognized a breach inside one in every of its programs and activated its inside response protocols. It mentioned the occasion was being handled “with the utmost seriousness”.
The authority didn’t disclose particular particulars concerning the character of the accessed information.
On 20 March, Wittmann admitted in a tweet that she had been the one to hack the regulator. “And sure, we’ll expose the organised crime enablement schemes you created whereas presenting yourselves as a ‘reliable public service’,” she added.
MGA condemns Wittmann breach
The MGA condemned Wittmann’s claims in a follow-up assertion on Friday. It mentioned: “such conduct is unacceptable and incompatible with lawful engagement with public establishments and established governance frameworks”.
Nevertheless the regulator famous Wittmann’s allegations had been “unsubstantiated and don’t undermine the MGA’s function as a regulator dedicated to transparency, due course of and the rule of legislation”.
“The Authority operates inside a sturdy authorized and regulatory framework and carries out its statutory features with integrity, independence and accountability,” it mentioned.
Wittmann has been linked to moral hacking throughout the playing sector earlier than.
In March 2025 she unveiled an enormous participant information breach throughout German gaming websites operated by Merkur Gaming. The occasion concerned the breach of unsecured APIs, and uncovered roughly 800,000 participant accounts by way of an unsecured API endpoint.
On the time she wrote in a weblog that she had been capable of entry massively delicate participant information by way of a GraphQL question, together with banking particulars and sign-up info.
The incident raised questions across the protecting measures operators and their third-party suppliers ought to have in place to guard gamers. On the time the German regulator (GGL) didn’t take a tough line stance towards the businesses in query.
However Wittmann highlighted the chance that the GGL may very well be implicated if hackers had been to acquire further participant information from the regulator, utilizing the breached info.
Source link
