Thousands of players have been sent emails warning of "suspicious activity" on their online accounts.
Lottery organizer Camelot believe around 26,500 player accounts were accessed in the breach disclosed Wednesday.
A much smaller number – around 50 – were actually tampered with.
James Maude, senior security engineer at Avecto, said this latest breach is part of a continuing trend.
“The compromise of over 26,000 customer email addresses and passwords on the National Lottery website is the latest in a long line of security incidents impacting familiar household brands and comes just days after Cyber Monday, one of the busiest days in the online calendar.
“This is part of a continuing trend of credential stuffing, where passwords from one breach are reused to gain access to other accounts to harvest more personal information. Users need to be aware of the dangers of reusing passwords, especially when these cross the boundary between personal and business accounts.
“Though Camelot believe fewer than 50 customers have had activity take place within their accounts, it’s yet another wake-up call for organisations to bolster the security of customer data. Taking proactive steps to secure systems and monitor for breach attempts, rather than reactive measures after an event, has to be the way forward here.
“Camelot has moved quickly in responding to this breach, locking down accounts, triggering compulsory password resets and contacting those affected directly. That has to be commended; unfortunately, most companies aren’t quite so vigilant.”