News
National Lottery data breach - Comments from Alert Logic and Positive Technologies
November 2016 by Alert Logic and Positive Technologies
Following this morning’s news of the National Lottery data breach, Alert Logic and Positive Technologies comment:
Oliver Pinson-Roxburgh, EMEA director at Alert Logic:
"The National Lottery breach highlights the challenge all organisations face today -
and reiterates the fact that consumers have a significant role to play in protecting
their online accounts. Attackers leave digital fingerprints in their network
activity or system logs that can be spotted if you know what to look for, and have
qualified people looking for it. Through continuous monitoring, 24x7, and being able
to distinguish normal from abnormal, organisations can identify and act against
sophisticated attackers. Front the statement given by Camelot their monitoring
uncovered the breach but the breach likely occurred due to poor password management
from their customers.
Consumers will be forced to change the password on their National Lottery account,
and any other accounts that use the same password. However they need to ensure that
they don’t use the same password for other accounts, You should keep track of all
the user accounts and passwords you maintain on the Internet.
A passphrase is also highly recommended, instead of a password. You can take a
common phrase and create a pattern that means something to you, then add minor edits
as a way to keep passphrases different. An example is: The sun rise is great today.
A simple passphrase could be: Tsr!Gr82day. The passphrase is 11 characters long
and contains number, upper/lower case letters and a symbol. The exclamation mark
(!) substitutes for the “i” in the word is. You can add something specific to
make the passphrase different on multiple accounts.
This really demonstrates that no brand is safe and whilst organisations need
stringent security policies and technologies, consumers play a role in the security
of their accounts."
Alex Mathews, EMEA technical manager, Positive Technologies:
"Big consumer brands which hold vast amounts of personal details are pay-dirt for
cybercriminals. They often hold massive databases of information which can be used
for follow-up attacks on other services. The people contacted should make sure they
keep a close eye on their online accounts for phishing and other suspicious
activity. If anything looks awry, then it is probably best to treat it with
caution. Now is probably a good time for the affected people to change their
passwords across the board."
