The UK lottery has reported that hackers have tried to obtain unauthorised access to player accounts. Millions of players have already been urged to change their passwords, and if you haven’t done so already, you’re advised to take care of it ASAP.
During cybersecurity monitoring, Camelot, the parent company, discovered that hackers were using ‘credential stuffing’ attacks to obtain access to other people’s accounts. This type of attack involves attempting to enter previously-obtained credentials into other websites in order to gain access, hoping that the victim uses the exact same login credentials there.
Reportedly, this has had no effect on the systems or databases that determine the outcome of the drawing, so there’s nothing to worry about with regards to the legitimacy of the lottery winners.
This example clearly demonstrates why it’s a not a good idea to use the same passwords across all websites.
Luckily, only 150 users have had their login credentials stolen, and very little of their personal data has been compromised. However, the hackers now know these people’s real names as well as how much money they had deposited in their lottery accounts. Hackers have tried to play around with 10 of these accounts, but even so, none of the victims have experienced any form of financial loss as a result of this thus far.
According to Camelot, the company does not display full credit card or bank account details. Accounts with any kind of suspicious behaviour have already been suspended. As a precaution, it’s a good idea to change your password, especially if you’re using the same one on other websites.