Friday night saw the National Lottery warn over 10 million players who had online accounts on its website to change their passwords as soon as possible because of a security breach. As revealed by Camelot, the company that operates the UK National Lottery, attempts had been made to breach the security of the website and access users’ accounts, and sensitive information may have been viewed.
All customers who had online accounts with the lottery were urged by the operator to change their passwords, especially if they use the same e-mail address and password for other websites, too.
As revealed by Camelot, the attack was carried out using the “credential stuffing” technique and resulted in access to approximately 150 accounts out of the 10.5 million registered with the company in total. Some activity was detected in fewer than ten accounts, with no customers being reported to have lost any money. The National Lottery operator reported the matter to the police as well as to the Information Commissioner’s Office, and was cooperating with the National Cyber Security Centre.
The National Lottery operator is now contacting all its online users, and a warning has been put on its website, saying that suspicious activity had been seen on a “very small number of players’ accounts”. According to the company, the attack seems to have started on March 7th. According to a spokesman for Camelot, the activity since then had been at a very low level and irregular, so it was very hard to distinguish from normal player activity.
Not the First Attack Experienced by the National Lottery
The so-called “credential stuffing” technique usually involves using computers to fire the same combination of e-mail address and password at various websites in an attempt to get access to a user’s account. Such combinations of e-mails and passwords are usually sold to fraudsters.
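The spokesman's point that low-level, irregular activity blends in with normal logins can be made concrete with a detection sketch. This is an added example, not Camelot's code: the log format, IP addresses, account names and thresholds are all constructed assumptions. It contrasts a per-hour rate check, which the slow source passes, with a count of distinct accounts touched per source over a week.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the incident): one source tries a different
# account every 12 hours; one genuine player mistypes a password twice.
BASE = datetime(2024, 1, 1, 9, 0)
EVENTS = [((BASE + timedelta(hours=12 * i)).isoformat(), "203.0.113.7",
           f"user{i:02d}", i == 6) for i in range(8)]
EVENTS += [((BASE + timedelta(minutes=m)).isoformat(), "198.51.100.20", "alice", ok)
           for m, ok in [(0, False), (1, False), (2, True)]]

def peak_hourly_attempts(events):
    """Busiest clock-hour per source: the only thing a naive rate limit sees."""
    buckets = defaultdict(int)
    for ts, src, _acct, _ok in events:
        buckets[(src, ts[:13])] += 1          # ts[:13] is 'YYYY-MM-DDTHH'
    peak = defaultdict(int)
    for (src, _hour), n in buckets.items():
        peak[src] = max(peak[src], n)
    return dict(peak)

# Thresholds below are illustrative assumptions, to be tuned on real traffic.
def flag_sources(events, window=timedelta(days=7), min_accounts=5, min_fail_ratio=0.8):
    """Flag sources that touch many distinct accounts, mostly unsuccessfully,
    inside a long sliding window. Returns {source: accounts it logged in to}."""
    by_src = defaultdict(list)
    for ts, src, acct, ok in events:
        by_src[src].append((datetime.fromisoformat(ts), acct, ok))
    flagged = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1                     # drop attempts older than the window
            win = rows[start:end + 1]
            accounts = {acct for _, acct, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(accounts) >= min_accounts and fails / len(win) >= min_fail_ratio:
                # Accounts with a successful login from this source need a reset.
                flagged[src] = {acct for _, acct, ok in rows if ok}
                break
    return flagged

if __name__ == "__main__":
    print(peak_hourly_attempts(EVENTS))
    print(flag_sources(EVENTS))
```

Keying on source IP is an assumption of the sample; the same distinct-account count can be keyed on any other client attribute the login logs record.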
This is not the first time the National Lottery website has experienced a hacker attack. At the end of September 2017, the website was brought down by a cyber attack for more than an hour and a half, preventing thousands of players from purchasing tickets. At the time, the website experienced a distributed denial of service (DDoS) attack, which affected players who had tried to purchase tickets from the website and the mobile application of the operator. Players who preferred to purchase tickets from the retail shops of the National Lottery were not affected by the attack.
Apart from that, back in November 2016, the National Lottery suffered another cyber-criminal attack. According to an official announcement released by Camelot, approximately 26,500 players’ accounts were accessed by hackers after suspicious activity had been registered. According to the National Lottery in November 2016, sensitive customer information, such as users’ name, date of birth, contact details, account preferences, money transaction history, card’s expiry date and card number’s last four digits.
Following the attack, in December 2016, the British Labour Party demanded that the National Lottery operator guarantee that its website is safe and risk-free for its customers.