Camelot, which operates the National Lottery, has warned all 10.5 million registered users of its online accounts to change their passwords as a precaution after what it called a “low-level” hack affecting about 150 accounts.
The firm said it discovered “suspicious activity” as a result of routine monitoring.
It believes the accounts were accessed using passwords that had been reused elsewhere, then stolen from third-party websites.
If users have a passwords that’s been used across multiple sites, they should change it, Camelot said.
Attackers who accessed the 150 accounts were able to view “very limited information” about users, including their first names and the amount of money loaded into the account.
Users can add funds to such accounts from a payment card, then use the money to buy online lottery tickets or scratch cards.
Attackers also accessed a few accounts, believed to be under 10, and carried out “limited activity”, Camelot said.
But no financial losses occurred, and no core systems were accessed, according to the firm.
Camelot reported the incident to the police, the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
“We are aware of an incident involving The National Lottery’s website and are in contact with the company and other agencies,” the ICO said in a prepared statement.
In late 2016 Camelot warned that about 26,500 National Lottery accounts had been hacked using the same methods employed in the more recent incident.
Do you know all about security? Try our quiz!
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…
Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…