About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot.
The firm said it did not believe its own systems had been compromised, but rather that the players’ login details had been stolen from elsewhere.
The company said that no money had been taken from or added to the compromised accounts.
But it added that there had been other suspicious activity on fewer than 50 of them.
“We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details,” Camelot said in a statement.
“We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited.
“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”
A spokeswoman added that the accounts represented a small fraction of the draw’s 9.5 million registered online players.
Camelot is contacting the owners of the accounts thought to have been compromised and instructing them to change their passwords.
Never use the same password on multiple sites. Each site needs an individual password. Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected or compromised by this sort of problem.