Advertisement

National Lottery hacked: Millions of customers warned to change passwords

Hackers have targeted online National Lottery customers - Alamy
Hackers have targeted online National Lottery customers - Alamy

The National Lottery has warned more than 10 million players with online accounts to change their passwords due to a security breach.

It said hackers had made attempts to access accounts and that limited information may have been viewed.

It urged all online customers to change their passwords, particularly if they use the same email address and passwords for several sites.

The mass attack, said to have been done using a technique known as “credential stuffing,” was successful in accessing some 150 accounts. Some activity took place in fewer than ten accounts.

Camelot, the lottery operator, said no customers had lost any money.

It is contacting all 10.5 million online customers and put a warning on its website stating: “As part of our regular security monitoring, we have seen some suspicious activity on a very small number of players’ accounts.

The National Lottery has been hacked - Credit: Glyn Genin/PA
The National Lottery has been hacked Credit: Glyn Genin/PA

“We have directly contacted those players whose accounts have been affected. We are advising players to change their password as a precaution, particularly if they use the same password across multiple websites.”

Camelot said the hacking attack appeared to have begun on March 7.

A spokesman said: “Since then, the activity has been extremely low level and very sporadic – and almost indistinguishable from normal player activity.”

The tactic of credential stuffing is said to involve using computers to fire the same email address and password combination at a large number of websites in a bid to get access to an account.

The combination of email address and password will have been leaked and sold to fraudsters.

Camelot said it had reported the security breach to the police and the Information Commissioner’s Office and was liaising with the National Cyber Security Centre.

It added: “We would like to reassure our players that we do not display full debit card or bank account details on their online National Lottery accounts.​ We have suspended all of the affected accounts and have directly contacted these players to help them re-activate their accounts securely.”