Camelot warns of 'low level' National Lottery hack

By Tom Espiner
Business reporter, BBC News

  • Published
National Lottery logoImage source, Camelot

National Lottery owner Camelot has warned of a "low level" cyber-attack that affected 150 customer accounts.

It has asked all of its customers to change the passwords on their accounts as a precaution.

The hackers used credentials gleaned from a list circulated on the internet to get into the accounts, a Camelot spokeswoman said.

No money was stolen, and the attackers saw limited information, the spokeswoman added.

Privacy watchdog the Information Commissioner, the police, and the National Cyber Security Centre have been informed of the attack, the spokeswoman said.

"As part of our regular security monitoring, we have seen some suspicious activity on a very small number of players' accounts," Camelot said in an email to customers.

"We have directly contacted those players whose accounts have been affected."

Customers can normally use their debit card details to transfer money into their National Lottery accounts, then use those funds to buy online lottery tickets or scratch cards.

The hackers used a so-called "credential-stuffing" attack using a list of passwords circulated online to get access to about 150 accounts. Those accounts have been suspended, the spokeswoman said.

"If you have a password you use across multiple sites then you should change it," the spokeswoman added.