Chaos in the LUGAS system: A weekend full of mishaps
LUGAS in deep sleep: The LUGAS system, the central regulatory authority for online gambling in Germany, took an unexpected downtime last Saturday. For approximately ten hours, legal providers were unable to accept deposits, making betting impossible for many players. What's particularly annoying is that the incident occurred on a Bundesliga Saturday, a day when betting volume is traditionally particularly high.
The German Sports Betting Association (DSWV) was less than enthusiastic. President Mathias Dahms spoke of a massive disruption to the legal market and warned that illegal providers would gladly exploit the situation to attract new customers—after all, there were no technical problems there.
Merkur Group: A top-class security vulnerability
As if that weren't enough, the Merkur Group also made headlines that same weekend. Its online casinos "Slotmagie," "Crazy Buzzer," and "Merkur Bets" had to be taken offline at short notice. The reason: open GraphQL interface exposed unprotected personal data of over one million users.
We owe this discovery to security researcher Lilith Wittmann, who demonstrated that sensitive data was being presented on a silver platter at Merkur casinos. Those responsible pulled the emergency brake and put their platforms into maintenance mode – much to the delight of their competitors.
After the double weekend of chaos, the DSWV is calling for a thorough investigation into the LUGAS failure. A technical system designed to regulate an entire industry must, after all, function – ideally even on weekends. The solution? 24/7 support for the system to prevent future outages.
The German Gambling Authority (GGL) assured that the problem has now been resolved and announced an investigation by IT specialists. The Merkur Group is also working feverishly to resolve the security vulnerability and emphasizes that protecting player data is its highest priority.
What remains?
Players still feel that legal online gambling in Germany still has some work to do. While legal providers struggle with regulatory system outages, the black market remains open. A bitter irony—after all, LUGAS was introduced, among other things, to protect players from precisely these providers.
The Merkur Group will also have a lot of work to do to regain the trust of its customers. After all, who wants to play in a casino where personal data is inadvertently visible to everyone? Let's hope those responsible do their homework – and that the next Bundesliga weekend goes off without any technical glitches.
