National Lottery Accounts Hacked With 26,500 At Risk

Another week, another hack...

Thousands of National Lottery accounts may have been hacked, reports its operator Camelot.

In a statement on its website, the operator said that it had detected suspicious activity within some of its accounts and investigated.

It now believes that around 26,500 accounts could be compromised with around 50 reporting unauthorised activity.

UniversalImagesGroup via Getty Images

This was not a hack of the National Lottery’s core network or its systems however, instead it’s believed that the accounts were accessed through stolen login information that was being made available on another website.

Of the 50 affected Camelot says that no money was stolen however by gaining access to these accounts the hackers will have seen personal information.

Camelot is now contacting the accounts that it believes are affected and is helping those users re-secure their accounts with new login information.

With over 9.5 million registered players, 26,500 makes up a very small number of Camelot’s total players and with only 50 accounts accessed the damage could be quite small.

That being said this is just the latest in a long stream of hacking incidents in which criminals were either able to access a company’s core systems or get hold of vast swathes of usernames and passwords effectively handing them access to people’s accounts.

Security experts have commended Camelot on their security systems and their swift response to this incident.

James Maude, senior security engineer at global cyber security expert Avecto said: “Camelot has moved quickly in responding to this breach, locking down accounts, triggering compulsory password resets and contacting for those affected directly. That has to be commended, unfortunately most companies aren’t quite so vigilant.”

Andy Herrington, Head of Cyber Professional Services in UK & Ireland at Fujitsu added: “It appears to be very much a pro-active statement which seeks to re-assure users by providing details of the incident in a very controlled way which is easy to understand. The fact that Camelot’s monitoring systems have played a clear role and that they have been able to investigate the incident, threat vector and impact quickly also demonstrates a level of maturity and control.”

How were the accounts hacked?

“This is part of a continuing trend of credential stuffing, where passwords from one breach are reused to gain access to other accounts to harvest more personal information. Users need to be aware of the dangers of reusing passwords especially when these cross the boundary between personal and business accounts.” explains Maude.

This story is developing...

Password Managers to create an unbreakable password:

1Password is the 'Swiss army knife' of the group. It'll run on almost anything. It's also one of the easiest to use as well thanks to an ultra-simple interface. Rather than using autofill, 1Password uses extensions in Chrome, Firefox and Safari which gives you quick and easy access to your vault on any of your computers. The iPhone app uses Touch ID. This is a great all-rounder for the single user who just wants a complete solution. Price: $49.99 (Single license)
DashLane is the team player out of the three options here. Offering a similar user interface to 1Password, Dashlane is simple to use and powerful to boot. If you run a small business or even a big business however then this could be the service for you. With variable sharing options you can send passwords to colleagues that also have Dashlane while keeping the password secure even from them. All they have to do is accept, and the app will log them in to the service without them ever having to see the login credentials. It'll work on iOS, Android, Mac and Windows. Price: $39.99 per year.
LastPass may be last on the list but it's definitely not the least. This is the veteran password manager and as such has the most features. It'll run on every platform and through every site, it's also customisable to a professional degree with support for biometrics and almost any other authenticating technology you can think of. It may be a little more complex to use but once it's set up LastPass is arguably the most flexible in terms of creating a service that you want. Price: $12 per year