10.5m Lottery players warned over cyber hack
THe National Lottery is urging 10.5million players to change their passwords after online accounts were hacked.
The mass attack breached 150 accounts. Camelot, the operators of the game, say that none of the customers involved have lost any money.
In a small number – fewer than ten – some activity took place within the account.
Camelot is sending an email to all 10.5million online accounts advising players to change their passwords, particularly if they use the same email address and password across many websites.
The move follows an attempt by hackers to access accounts using a technique known as ‘credential stuffing’.
The company has also put a warning notice on its website which is described as an ‘important player notice.’
It reads: ‘As part of our regular security monitoring, we have seen some suspicious activity on a very small number of players’ accounts.
‘We have directly contacted those players whose accounts have been affected... We are advising players to change their password as a precaution, particularly if they use the same password across multiple websites.’ Camelot said the hacking attack appears to have begun on March 7.
A spokesman said: ‘ since then, the activity has been extremely low level and very sporadic – and almost indistinguishable from normal player activity.’
The tactic used by the hackers, known as ‘credential stuffing’, involves using computers to fire the same email address and password combination at a large number of websites to see if it gets a hit. The combination of email address and password will have been leaked in the past and will have been traded, along with millions of others, to fraudsters looking to hack accounts.
A Camelot spokesman said: ‘We currently believe that up to 150 accounts – out of 10.5 million registered with us in total – have been subject to an unauthorised log-in and that very limited information may have been viewed.
‘A much smaller number – fewer than ten accounts – have had some limited activity take place within the account since it was accessed, but no player has seen any financial loss. We would like to reassure our players that we do not display full debit card or bank account details on their online National Lottery accounts.
‘We have suspended all of the affected accounts and have directly contacted these players to help them re-activate their accounts securely.
‘We are also urging National Lottery players to change their online password, particularly if they use the same password across multiple websites.
‘Protecting our players’ personal data is of the utmost importance to us.
We are very sorry for any inconvenience this may cause and would encourage those with any concerns to contact us directly, so we can discuss it with them in more detail.’
The online security company Akamai estimates that 40 per cent of all global retail, business and banking log-in attempts are malicious and driven by credential stuffing attacks.
of the 17billion login requests Akamai tracked in November and December 2017, over twofifths – 43 per cent – involved credential abuse.
Last month, privacy campaigners at Big Brother Watch revealed that councils have been hit by 98million cyberattacks in the past five years.
‘Suspicious activity’