BCLC is advising customers to update their passwords after a “recent incident” in which stolen passwords were used to try to log into PlayNow accounts.
A statement from BCLC Media Relations states that the gaming company believes that only a small percentage of its account base has been impacted.
The incident took place on July 24, which involved “credential stuffing.”
- You might also like:
- Mid-week wins: Lottery player becomes a millionaire, plus 20 Canadians win prizes
- There's a new lottery in BC for concert tickets -- and it could be Taylor Swift
- Here's why BC lottery players couldn't buy or verify tickets over the weekend
According to BCLC, credential stuffing involves criminals attempting to access accounts using email addresses and passwords that have been previously exposed or stolen from other companies.
“Credential stuffing works on the premise that people often use the same user ID and password across multiple websites.”
BCLC President and CEO Pat Davis says the organization is taking this very seriously.
“This is a deeply concerning incident and a cautionary tale for everyone with multiple online accounts,” Davis said in a statement.
“Our investigation remains ongoing, and we have found no evidence that our systems have been compromised or that player login information was stolen from our systems.”
BCLC spokesperson Matt Lee told Daily Hive that this affects “only online PlayNow players.”
“Anyone who purchases lottery tickets at retail for games like Lotto Max and Lotto 6/49 are not impacted.”
After the breach was identified, PlayNow notified impacted players that their accounts were locked due to suspicious activity.
PlayNow is continuing to investigate.
Several organizations, including the Office of the Information and Privacy Commissioner of BC, the Office of the Information and Privacy Commissioner of Canada, the BC Gaming Policy and Enforcement Branch, and the RCMP, have been notified.
Davis added, “Integrity and security are at the core of our business and our games.”