"People's Postcode Lottery (PPL) subscribers briefly saw other players' personal information when logging into the site on Monday. The exposed data included names, addresses, email addresses, and dates of birth. According to forum posts, each time users refreshed their homepage, a different user's details appeared. PPL yanked the service offline within 17 minutes of discovering the issue on October 27, and all services were restored at 09:00 UTC on October 29."
"The company said a "technical error" caused the leak, with no evidence of external attack. Last year PPL reported that 4.9 million people subscribed to its service, which sees Brits pay £12.25 (around $16) per month to be entered into a prize draw. An investigation after the glitch revealed that only 0.1 percent of the lottery's players were affected. All customers that were exposed have received email notifications and a year of free Experian credit monitoring."
People's Postcode Lottery experienced a technical error that briefly exposed players' personal information when users logged into the site. Exposed fields included names, addresses, email addresses, and dates of birth, and refreshing the homepage could display different users' details. PPL took the service offline within 17 minutes on October 27 and restored all services by 09:00 UTC on October 29. The company reported no evidence of external attack and an investigation found about 0.1 percent of subscribers were affected. All affected customers received email notifications and a year of free Experian credit monitoring. The incident was reported to the Information Commissioner's Office.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]