National Lottery hacked

Next story


It has been confirmed that roughly 26K accounts have been hacked. Are simple repeated passwords to blame?

Cyberattacks seem to be happening left, right and centre throughout the World Wide Web, and now The National Lottery has admitted that 26,500 players’ online accounts have been hacked.

The UK state-franchised lottery is operated by Camelot Group, who have contacted and informed the owners of the compromised accounts, instructing them to change their passwords.

As no financial details are stored online, no money or card details had been taken from the compromised accounts; the only malicious activity is said to be on some accounts that had their personal details changed.

It is believed that their own system has not been hacked, but rather that the players’ login details had been taken from elsewhere.

Although, they have said that there has been suspicious activity on only 43 accounts, which considering there are 9.5 million registered players, this is a tiny proportion.

The investigation is ongoing and Camelot, who is working closely with the National Crime Agency and National Cyber Crime Security Centre on this criminal matter, are continuing to monitor their systems.

We discuss online hacks, password protection and risks of poor passwords with Mark James, ESET IT Security Specialist, who offers professional insight and advice.

“Another day, another “hack”.

“We see this word so often these days we need to be careful it does not lose its clout. With so much data being accumulated online from other data breaches, it’s inevitable that these credentials will be used in other logins to see if we are silly enough to reuse our passwords.

“What would appear to have happened here is exactly that. Camelot has stated ‘We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.’

“This highlights the dangers of not using unique passwords for each login.

“A forum may seem an unimportant website and poses no real threat, and that may be the case until you use the same password on another website that is very important.

“Using password managers or two-factor verification, if available, will help to reduce the damage of a data breach.

“Using a password manager will enable you to generate a complex, unique password for each and every site you go to.

“Some managers will even allow you to score your current passwords looking for duplicates and weak passwords and help you change them.

“Some are paid for and some are free, but when you consider the hassle of changing banking cards, or the inconvenience of cancelling credit cards, it’s a very small price to pay for your piece of mind.”

Do you always use unique passwords? How about 2FA? Let us know on Twitter @ESETUK

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.