Latest in Culture

Image credit: Getty

The National Lottery was not hacked

Despite what you may've read.
226 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty

Camelot yesterday reported that a few days prior, it had noticed unusual activity on a number of online National Lottery accounts. Roughly 26,500 of 9.5 million accounts are thought to have been compromised, with suspicious activity -- in this case, personal details being changed -- noted on less than 50. Since then, UK and international media have reported on this incident, with the vast majority of coverage sporting striking headlines along the lines of "National Lottery hacked." This statement is simply untrue. The National Lottery was not hacked.

National Lottery operator Camelot says as much in its statement: "We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases."

"We believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details."

This is called credential stuffing, whereby previously exposed usernames and passwords are opportunistically plugged into other websites and services, since it's not uncommon for people to recycle user/pass combinations. If hacking is like breaking down a door, or at least picking the lock, then credential stuffing is like finding a key at the bottom of the road and trying it in every door, hoping to land on a fit. They are very, very different.

The whole situation is still alarming, of course. For one, there's no word on where those 26,500 account details came from. A previous hack or phishing campaign, perhaps? Worst case scenario: a recent hack of a site or service that has gone, as yet, undetected. The National Crime Agency and National Cyber Security Centre are investigating, so we might learn more in due course.

Camelot's immediate reaction has been to suspend the affected accounts and contact users about reactivating them. There's been no financial fallout, but obviously there are some personal details attached to the accounts that may've been seen/scraped.

LinkedIn was hacked, Ashley Madison was hacked, TalkTalk was hacked, Tesco Bank was hacked. The National Lottery was not hacked.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
226 Shares
Share
Tweet
Share
Save

Popular on Engadget

Tesla's relaunched solar power efforts include $50 panel rentals

Tesla's relaunched solar power efforts include $50 panel rentals

View
After Math: Plead the fifth

After Math: Plead the fifth

View
The best smart home sensors for Alexa

The best smart home sensors for Alexa

View
Drako's GTE electric supercar will be a four-motor, 1,200HP monster

Drako's GTE electric supercar will be a four-motor, 1,200HP monster

View
Nintendo says there is no Switch exchange program

Nintendo says there is no Switch exchange program

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr