You are using an older browser version. Please use a supported version for the best MSN experience.

Millions told to change National Lottery passwords online after accounts were hacked ahead of tonight's £14million Euromillions draw

Mirror logo Mirror 17/03/2018 James Jackson

a person sitting on top of a laptop: Credits: Universal Images Group Editorial © Provided by Trinity Mirror Shared Services Limited Credits: Universal Images Group Editorial Millions of National Lottery players were being told to change their passwords on Friday after accounts were hacked.

Up to 150 accounts were attacked, with a handful falling victim to “some limited activity”, according to Lotto operator Camelot.

The firm insisted no players had lost money.

Cyber spooks were tonight probing the incident, which has been referred to the information watchdog.

a drawing of a person: Credits: PA © Provided by Trinity Mirror Shared Services Limited Credits: PA The first users knew of the hack was when they received emails at 3pm last night urging them to change their passwords - even if they were not affected.

A Camelot spokesman said: ​“​As part of our online security monitoring, we became aware of suspicious activity on a very small proportion of our players’ online National Lottery accounts. We reported this matter to the police and the Information Commissioner’s Office, and are liaising with the National Cyber Security Centre.

“We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or the payment of prizes.

“We are taking all the necessary steps to fully understand what has happened, but we currently believe that up to 150 accounts – out of 10.5 million registered with us in total – have been subject to an unauthorised log-in and that very limited information may have been viewed​.

“A much smaller number – fewer than 10 accounts – have had some limited activity take place within the account since it was accessed, but no player has seen any financial loss.”

It is understood investigators believe the hack was triggered by “credential stuffing”, where an attacker uses leaked data - such as an email address and password used across multiple websites - to unlawfully access an account.

All Lottery players with online accounts will receive emails over the weekend advising them to change their passwords as a precaution.

The spokesman added: “We would like to reassure our players that we do not display full debit card or bank account details on their online National Lottery accounts.​

“We have suspended all of the affected accounts and have directly contacted these players to help them re-activate their accounts securely.

“We are also urging National Lottery players to change their online password, particularly if they use the same password across multiple websites.”

For more of the most popular News, Sport, Lifestyle & Entertainment on MSN, Follow us on Facebook, and on Twitter

AdChoices
AdChoices

More from The Mirror

image beaconimage beaconimage beacon