Camelot Warns Lottery Account Holders After ‘Low-Level’ Attack

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Users have been warned to change their passwords after attackers accessed dozens of online lottery accounts

Camelot, which operates the National Lottery, has warned all 10.5 million registered users of its online accounts to change their passwords as a precaution after what it called a “low-level” hack affecting about 150 accounts.

The firm said it discovered “suspicious activity” as a result of routine monitoring.

It believes the accounts were accessed using passwords that had been reused elsewhere, then stolen from third-party websites.

If users have a passwords that’s been used across multiple sites, they should change it, Camelot said.

‘Limited’ breach

Attackers who accessed the 150 accounts were able to view “very limited information” about users, including their first names and the amount of money loaded into the account.

Users can add funds to such accounts from a payment card, then use the money to buy online lottery tickets or scratch cards.

Attackers also accessed a few accounts, believed to be under 10, and carried out “limited activity”, Camelot said.

But no financial losses occurred, and no core systems were accessed, according to the firm.

Camelot reported the incident to the police, the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).

“We are aware of an incident involving The National Lottery’s website and are in contact with the company and other agencies,” the ICO said in a prepared statement.

In late 2016 Camelot warned that about 26,500 National Lottery accounts had been hacked using the same methods employed in the more recent incident.

Do you know all about security? Try our quiz!