National Lottery accounts feared hacked

    About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot.

    The firm said it did not believe its own systems had been compromised, but rather that the players' login details had been stolen from elsewhere.
    The company said that no money had been taken from or added to the compromised accounts.
    But it added that there had been other suspicious activity on fewer than 50 of them.

    Camelot said it became aware of the problem on Sunday.
    "We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details," it said in a statement.
    "We do not hold full debit card or bank account details in National Lottery players' online accounts and no money has been taken or deposited.
    "However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed."

    A spokeswoman added that the accounts represented a small fraction of the draw's 9.5 million registered online players.
    Camelot is contacting the owners of the accounts thought to have been compromised and instructing them to change their passwords.
    One security expert said there had been many recent attacks where logins stolen from one platform had been tested and used to breach another.
    But he still had concerns about Camelot's explanation.
    "If there's 26,500 accounts here and they are saying the credentials are correct but they didn't come from us, they still let an attacker log in 26,500 times," said Troy Hunt.
    "That alone is something that illustrates a deficiency."

    Password tips:
    The University of Surrey's Prof Alan Woodward says these rules should be observed when setting an online password:

    Don't choose one obviously associated with you
    Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

    Choose words that don't appear in a dictionary
    Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

    Use a mixture of unusual characters
    You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!

    Have different passwords for different sites and systems
    If hackers compromise one system you do not want them having the key to unlock all your other accounts.

    Keep them safely
    With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.



    What were the odds?


    What were the odds?

    much less than winning the jackpot.


    much less than winning anything.

    Corrected that for you

    Confirmed that 'no money had been added to accounts'
    Obviously the prime objective of master criminals. To hack account details and give people their money! Who writes these things!

    Yep suspicious indeed spent £50 over several months on lottery and not even won a pound back. I would call that mighty suspicious Camelot!

    Those password tips aren't great, are they? To a hacker's tools Myd0gha2B1g3ars is exactly the same as mydoghasbigears. A better thing you can do is have a longer, easy to remember phrase. In fact "My dog has big ears!" is better because the spaces make it longer and thus harder to brute force.
    Post a comment
      Top Discussions
      1. Surprise! The HUKD Summer Flamedeer Hunt 2017 **OFFICIAL THREAD** (trading …4492105
      2. Are these two things distinctly different to you?35190
      3. If you had £50,000 to start a business what would it be ?2445
      4. Back to school: what's your views on your kids uniform and piercing rules e…26118

      See more discussions