More than 26,000 National Lottery digital accounts may have been hacked, though no money has yet been taken or added to the affected accounts.
The BBC is reporting that the UK’s National Lottery, and its operator Camelot, have been tracking suspicious activity on a large number of accounts. According to the official communiqué, Camelot doesn’t believe its own system suffered a breach, but that login credentials were stolen from a different website. Users seem to have simply reused the same credentials on multiple accounts, leaving them vulnerable.
No money has been taken or added to the accounts in question so far, but Camelot says it’s monitoring additional suspicious activity on about 50 accounts. Luckily, only limited data seems to have been accessed, with the company explaining:
We do not hold full debit card or bank account details in National Lottery players' online accounts and no money has been taken or deposited. However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.
Camelot, which has around 9.5 million registered users, is contacting those affected and instructing them to change their passwords.