Ohio Lottery Hack Affects Over 3 Million

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

A hacker group calling themselves DragonForce has taken credit for hacking the Ohio lottery on the day before Christmas.

The already infamous group was responsible for smaller-scale crimes, like hacking an Australian yogurt company several months prior. While it isn’t proven they carried out the hack, it’s likely.

The hacking group claims to have over 3 million lotto players stolen credentials (including first and last names, email addresses, lotto win amounts, date of birth, and perhaps worst of all, social security numbers).

The information allegedly totals more than 600GB.

“We have obtained data from your network and we have encrypted your computers,” reads DragonForce in a “negotiation chat.”

The group is currently attempting to use the stolen information to extort Ohio’s lottery if their demands aren’t met within a “reasonable” timeframe. Reasonable being subject to their whims.

Researchers with Bleeping Computer point out that their tactics point to the group being fairly inexperienced.

The hack resulted in ohiolottery.com, claim forms, and advisories being taken offline. At the time of writing this, you still cannot access the website. Retailers are also unable to cash in any winnings over $599.

“Mobile cashing and prize cashing above $599 at Super Retailers are currently not available,” states the Ohio lottery in a press release.

“Additionally, winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots are not available on our website or mobile app but can be checked at any Ohio Lottery Retailer.”

The company also said that users were still free to check their lotto numbers using the website, but as I mentioned earlier, it’s remained completely inaccessible. For the time being, lotto winners are stuck in a proverbial limbo until the problem is resolved.

For the moment, we don’t know exactly how the hack took place or what tools were used to carry out the breach.

The investigation by the Ohio state is ongoing.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."

Leave a Comment