Camelot, a UK National Lottery online website issued a warning to all online lottery players. The notice—change your passwords—due to another security breach. Friday, March 16, 2018, Camelot issued the warning to their customers that during a routine security monitoring check they detected unauthorized activity. They found this activity occurring on a small number of National Lottery accounts; however, they want all online players to change their passwords.
Camelot notified police, proper authorities, and the Information Commissioners Office. About 150 accounts were affected by the breach. However, the website has over 10.5 million registrations. The small number of unauthorized log-in activity is still worrisome for Camelot, and they urge all players to change their password, even if they were not affected by the breach.
According to their public statement, Camelot saw less than ten accounts with activity, and they also state no player has seen any losses, financially, due to the breach. Camelot is taking all the steps possible to understand the security breach, the full weight of the intrusion, and to ensure that all activity is suspended on the affected accounts. They are working with the players to reactivate their accounts safely. However, it is still a precaution to require all entrants to change their password.
Password Updates for Players
The password can be changed by going into the player’s account and modifying the information. With any security breach, people are urged to forego passwords that would have any association with their last used security code and anything that could be discerned from private information. As random a password, and as complicated as one can make the code—the better to ensure hackers cannot try to guess the passcode.
A spokesperson for the Camelot UK National Lottery said the perpetrators had used credentials, using “credential stuffing” to gain access to several websites that use email addresses and passwords to see what might match up.
Camelot has dealt with such a breach before. In 2016, November, Camelot saw a breach of 26,500 accounts and 50 had unauthorized activity after the hack. In October 2017, the UK National Lottery website Camelot went down for 90 minutes on a Saturday night. There was a denial of service attack or DDOS. Camelot was also the target of a buggy mobile app, in which players were told they had winning tickets, but those tickets were losers. It was a hack on their digital movement towards a mobile app. Camelot continues to be the subject of security breaches, but thus far no harm has come to players.