ktsdesign - Fotolia

Thousands of National Lottery accounts hacked

National Lottery operator Camelot says the log-in details of thousands of people who do the lottery online have been stolen

The online log-in details of National Lottery players have been hacked, but no money has been stolen, according to National Lottery operator Camelot.

There are 9.5 million national lottery players registered online, but Camelot said only around 26,500 accounts were accessed. It added that fewer than 50 accounts have had suspicious activity, such as personal details being changed, since the breach.

The company said it unearthed “suspicious activity on a very small proportion of our players’ online National Lottery Accounts” during its online security monitoring on 28 November 2016.

It added that there has been no unauthorised access to core systems. “In addition, no money has been deposited or withdrawn from affected player accounts,” said Camelot.

“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”

The company said it is now trying to find out what happened, but it believes that “the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details”.

The affected accounts have been suspended and Camelot will contact the account holders to re-activate them. Camelot added that it is working with the National Cyber Security Centre on the incident. 

Chris Hodson, European, Middle East and Africa chief information security officer at cloud security company Zscaler, said: “With the General Data Protection Regulation looming for kick-off in 2018, we have to wonder how the National Lottery would have responded if such requirements were imposed on them today.”

“To mitigate risks in the short term, account holders should update passwords and avoid using the same password across multiple sites,” he added.

Read more on Web application security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Note entirely surprised by this. Camelot used to only allow a login username/password, but recently updated it so that you could use your registered email address instead of the username. The username for most accounts therefore was not their email address. 

Such a stupid change to make without notifying users first and asking if they actually want to use their email address. I didn't want this change yet it was made on my account regardless.

There is nothing like good security, and this is indeed nothing like...

JohnC.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close