National Lottery hacked – change your password now
Teenage hacker Adam Mudd
All National Lottery customers have been urged to change their passwords after suspicious activity was spotted in 150 accounts.
Camelot, the Lottery’s parent company, emailed customers to say that the affected accounts had been “subject to an unauthorised log-in and that very limited information may have been viewed”.
It added it was “taking all the necessary steps to fully understand what has happened”, noting that the vast majority of accounts - 10.5 million - weren’t affected.
Strange behaviour was detected in early March. Camelot said this was “low level” hacking that was “very sporadic – and almost indistinguishable from normal player activity”.
It addressed fears that hackers might steal winning Lottery numbers by saying there was “no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or the payment of prizes”.
It claimed no player had suffered financial loss, and said that the targeted accounts have been suspended. Affected customers have received help to re-activate ther accounts, Camelot added.
The company tried to reassure customers by stating that it doesn’t display full debit-card or bank-account details on online accounts.
A Camelot spokesperson said the attack appeared to be a case of ‘credential stuffing’, in which hackers launch automated attempts to access accounts using usernames and passwords taken from stolen lists circulating on the internet.
A similar tactic appears to have been used in November 2016 when Camelot spotted suspicious behaviour in 26,500 National Lottery accounts.
Camelot has reported the incident to the police, the Information Commissioner’s Office and the National Cyber Security Centre.
To change your password visit www.snipca.com/27322 and enter your email address (see screenshot). Read Camelot’s statement at www.snipca.com/27321.
When I was a teenager, I programmed a simple Hangman game on my BBC Model B computer. Adam Mudd (pictured), from Kings Langley in Hertfordshire, had his sights set higher. At the age of 15 he created a devastating computer program that could be used to attack and shut down websites all over the world.
That was back in 2012 – and in the years that followed he raked in nearly £400,000 selling his software to criminal gangs. In total, his tool was used over 1.7 million times, taking out innocent targets including online gaming sites and Mudd’s local college. In March, Mudd was sentenced to two years in a young offenders’ institute. Bubut that won’t undo the dadamage he caused. One bubusiness reportedly spent £66million defending itself agagainst the attacks, and let’s nonot forget the frustration and anguish caused to innocent users of the targeted sites. Mudd’s still a young man, and let’s hope when he gets out he’ll turn his talents to more positive pursuits. But for now he’s my Villain of the Fortnight. Want to nominate a villain of the fortnight? Email us at editor@computeractive.co.uk