The Dutch Lottery has resetted 1.5 million passwords from accounts. In the past six months, thousands of accounts were logged in. Usually not a problem, but 12.000 of them were hacked since mid-March. Private data may have been stolen, so the lottery took security measures.
Unauthorized access to accounts
The Dutch Lottery consists of three lotteries: the State Lottery, the Lotto and TOTO. In 12,000 cases someone has been granted unauthorized access to a Dutch Lottery account. However, no access has been given to the digital wallet. A player who wins money receives money in that wallet.
Reuse of passwords
The organization has not been hacked itself. It might very well be that hackers have reused passwords. Some users used the same password for different accounts. Not a good idea, because in that case a criminal can gain access to multiple accounts if there is a leak in one service. The Dutch Lottery asks members with an account to use a strong and unique password.
Hackers may have gained access to personal data from accounts. These include names, e-mail addresses, dates of birth, address details and the bank account number. This all data you wouldn’t normally share. The Dutch Lottery has reported the incident with the hacked accounts to the Personal Data Authority and the Gaming Authority.
Use of data
The data that has been hacked can be used by criminals for new attacks. Think about phishing, for example. In that case a criminal approaches a potential victim on behalf of another organization, like a bank. The more data the criminal has, the more convincing the message can be. It comes as no surprise that many people lose money because of this scam.
Malfunction in e-mail system
The Dutch Lottery had to deal with another problem as well. A couple of weeks ago, a malfunction in its e-mail system occurred. Users who wanted to reset their password were not notified. According to a spokesperson of the lottery, this problem is now solved.