A German ethical hacker has claimed responsibility for a recent system breach at the Malta Gaming Authority (MGA), which the regulator has slammed as “unsubstantiated”.
Lilith Wittman made the claims in a LinkedIn post on Friday, 20 March, which she later said was removed by the professional social media network soon after.
In the post, Wittman claimed responsibility for the hack and stated the retrieved information had been shared with the “authorities”.
The since-deleted post continued: “We will expose the organised crime enablement scheme you created while presenting yourselves as a ‘legitimate public service’.
“I hope the German authorities are, for once, smart and do not extradite me to Malta, where I would face up to 10 years imprisonment for hacking a public service. Any police action from Malta would also trigger the immediate release of my entire archive of igaming-related data.
“I am certain that the information obtained is so valuable for the public discourse that obtaining it will one day, in the not-too-distant future, be seen as a justified necessity.
“As of today, I do not have anything else to share about the upcoming releases concerning the organised crime networks supported by countries like Malta. Therefore, please refrain from enquiries until further notice.”
Wittman’s claims come after the MGA announced on 17 March that it had identified a breach within one of its systems.
The regulator said “all necessary containment and mitigation measures were implemented as a precaution”.
Last March, Wittman alleged that an unsecured API across various Merkur sites in Germany meant customers’ personal details could be accessed freely.
That data included full names, account details and transaction records.
In 2021, Wittman made headlines in Germany after she was able to access personal information of almost 20,000 members of the Christian Democratic Union (CDU).
The CDU, one of Germany’s major political parties, had launched an app in the build up to that year’s federal election.
An MGA statement published after Wittman made the claims read: “The Malta Gaming Authority is aware of public statements made by an individual claiming responsibility for unauthorised access to one of the Authority’s systems and making a series of allegations and threats in that context.
“The MGA condemns any unauthorised access to its systems and any extraction, handling or dissemination of data obtained through such activity.
“Such conduct is unacceptable and incompatible with lawful engagement with public institutions and established governance frameworks.
“The Authority operates within a robust legal and regulatory framework and carries out its statutory functions with integrity, independence and accountability.
“Allegations made in the context of unauthorised system access are unsubstantiated and do not undermine the MGA’s role as a regulator committed to transparency, due process and the rule of law.
“For more than two decades, the MGA has operated within established legal and governance frameworks and will continue to do so.”
The post German ethical hacker claims responsibility over MGA breach first appeared on EGR Intel.
Lilith Wittman makes claims on social media related to breach at the regulator, one year after she uncovered shortcomings at Merkur in Germany
The post German ethical hacker claims responsibility over MGA breach first appeared on EGR Intel.