Up To 26,500 National Lottery Online Accounts Are Breached

As many as 26,500 National Lottery online accounts have been accessed by hackers in what is believed to be the latest instance of cybercriminals re-using online credentials harvested from major data breaches.

A number of such breaches have affected major websites like Yahoo and Dropbox in recent times and because so many people reuse passwords, this means other accounts could be compromised.

Camelot, which runs the National Lottery, said that of 9.5 million accounts it noted suspicious activity in 26,500 and saw that activity had taken place in 50 since the pattern was detected.

National Lottery breach

The company does not store the full debit and credit card details of players but there is personal information.

“On 28 November 2016, as part of our online security monitoring, we became aware of suspicious activity on a very small proportion of our players’ online National Lottery Accounts,” said the firm.

“We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or payment of prizes. In addition, no money has been deposited or withdrawn from affected player accounts.

“We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.”

Loading ...

Camelot says it has suspended the accounts in question and is proactively contacting the people affected.

Experts agree that the reuse of passwords is the most likely cause.

“Consumers need to understand the importance of proper password management and avoiding recycling logins for multiple services, especially if the service deals with financial and personal data,” said David Kennerly, director of threat research at Webroot.

“The forced password reset for the 26,500 accounts affected is exactly the right response. We would also recommend that anyone who is concerned about their account should change their password, especially if you have re-used the credentials across multiple online services.”

Take our data breaches quiz here!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

1 hour ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

16 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

19 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

20 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

21 hours ago