Thursday, September 12

UK National Lottery online accounts hacked again


 

 

Editorial Millions of National Lottery players were being told to change their passwords on Friday after accounts were hacked.

Up to 150 accounts were attacked, with a handful falling victim to some limited activity, according to Lotto operator Camelot.

The firm insisted no players had lost money.

Cyber spooks were tonight probing the incident, which has been referred to the information watchdog.

A Camelot spokesman said: ​​As part of our online security monitoring, we became aware of suspicious activity on a very small proportion of our players’ online National Lottery accounts. We reported this matter to the police and the Information Commissioner’s Office, and are liaising with the National Cyber Security Centre.

We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or the payment of prizes.

We are taking all the necessary steps to fully understand what has happened, but we currently believe that up to 150 accounts out of 10.5 million registered with us in total have been subject to an unauthorised log-in and that very limited information may have been viewed​.

A much smaller number fewer than 10 accounts have had some limited activity take place within the account since it was accessed, but no player has seen any financial loss.

It is understood investigators believe the hack was triggered by credential stuffing, where an attacker uses leaked data such as an email address and password used across multiple websites to unlawfully access an account.

All Lottery players with online accounts will receive emails over the weekend advising them to change their passwords as a precaution.

The spokesman added: We would like to reassure our players that we do not display full debit card or bank account details on their online National Lottery accounts.​

We have suspended all of the affected accounts and have directly contacted these players to help them re-activate their accounts securely.

We are also urging National Lottery players to change their online password, particularly if they use the same password across multiple websites.