Lottery players told to change passwords after security breach
THE National Lottery has warned more than 10 million players with online accounts to change their passwords after last night’s Euromillions draw due to a security breach.
It said hackers had made attempts to access accounts and that limited information may have been viewed.
It urged all online customers to change their passwords, particularly if they use the same email address and passwords for several sites.
The mass attack, said to have been done using a technique known as “credential stuffing”, was successful in accessing some 150 accounts. Some activity took place in fewer than 10 accounts.
Camelot, the lottery operator, said no customers had lost any money. It is contacting all 10.5 million online customers and put a warning on its website stating: “As part of our regular security monitoring, we have seen some suspicious activity on a very small number of players’ accounts.
“We have directly contacted those players whose accounts have been affected. We are advising players to change their password as a precaution, particularly if they use the same password across multiple websites.”
Camelot said the hacking attack appeared to have begun on March 7. A spokesman said: “Since then, the activity has been extremely low level and very sporadic – and almost indistinguishable from normal player activity.”
The tactic of credential stuffing is said to involve using computers to input the same email address and password combination into a large number of websites in a bid to get access to an account. The email address and password will then be leaked and sold to fraudsters.
Camelot said it had reported the security breach to the police and the Information Commissioner’s Office and was liaising with the National Cyber Security Centre.