Following the news about 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot. The firm said it did not believe its own systems had been compromised, but rather that the players’ login details had been stolen from elsewhere.
Adenike Cosgrove, Cybersecurity Strategy, EMEA at Proofpoint:
“We recommend regularly changing your login credentials, using strong passwords that conform to best practices, and never re-using the same identifier across more than one account. Additionally, it is important that customers do not click on any link that they may receive in an email from Camelot, as criminals typically impersonate brands immediately after a breach, pretending to offer official advice to worried consumers.”
Ryan Wilk, VP of Customer Success at NuData Security:
“The key takeaway for all consumers from this breach is that password security is important, and especially, do not use the same password everywhere! It’s lucky that only a very few accounts were affected and there was no money lost, however, it illustrates that all pieces of information are valuable to hackers who in these cases typically investigate accounts for future fraud once they obtain access.It’s an unfortunate fact of life these days that breaches continue seemingly unabated. Our personal records are being shared on the dark web – sometimes years after the breach occurs. Data breaches continue to build upon each other, with each breach adding additional intelligence to achieving the goal of complete profiles of identities for a large segment of our population up for sale on the dark web. Where credit card fraud was all the rage a couple years ago, it is this kind of account takeover that is on the painful and dramatic rise. There are behaviorally-based methods that online merchants, banks, and providers, are going to need to deploy that will help keep consumer accounts safe, even if valid credentials are presented. These solutions give true insight into who sits behind the device – and provide a high-level of trust that it is the consumer, and not a fraudster using our identity information online. You can, and should, start expecting organizations you interact with to use these multi-layered and behavioral-based solutions to protect your online accounts.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.