"We would like to make clear that there has been no unauthorized access to core National Lottery systems or any of our databases, which would affect National Lottery draws or payment of prizes," Camelot said in a statement.
Britain's National Crime Agency and the National Cyber Security Centre are reportedly investigating the incident, in cooperation with Camelot.
The hacked accounts are only a tiny fraction of 9.5 million Lottery players registered online, Camelot says. The investigators believe the hackers did not want the players' money, but instead were hunting for personal information.
"The act of stealing personal information from these accounts but leaving financial credentials untouched…highlights that the motives of the criminals was not immediate financial fraud but highly sought personal identifiable information," says Chris Hodson, chief information security officer at cybersecurity firm Zscaler.
This personal information can be used to create a false customer profile or commit subsequent fraud at scale, Camelot statement says.
