Cache
There are only two hard things in Computer Science: cache invalidation, naming things, and off-by-one errors.
A major UK lottery organization says it has resolved a technical error that exposed customer data to other users. People's Postcode Lottery (PPL) subscribers briefly saw other players' personal information when logging into the site on Monday. The exposed data included names, addresses, email addresses, and dates of birth. …
"People's Postcode Lottery (PPL) subscribers briefly saw other players' personal information when logging into the site on Monday. The exposed data included names, addresses, email addresses, and dates of birth"
As Mr C of The Shamen said on the Ebeneezer Goode track, "Naughty, naughty, very naughty".
Seriously though, that could have allowed for screenshotting of someone else's full details that could then be used for assorted nefarious purposes. It's not a good look and they ought to now start taking data security seriously.
As with any lottery, it's the lottery company that is the real winner and in the case of the Postcode Lottery, they do pay out quite a few miserly prizes like £10 to £1,000 prizes. Also, you can tell it's a second-rate lottery because it's only B and C grade celebrities who are seen advertising it.
Might do to dig slightly deeper ElReg, '17 minutes' were what People's lottery reported, wasn't it?
Idle look at the forums in between waiting for customers and mildly losing the will to live:
angryoldgit 10:59 First post.
SURREYDAVE 13:42 'Same here — I experienced the exact same issue. I called them to report it, but they said they were already aware of the problem.'
MouldyOldDough 15:44 'The site is still up and running with no reports or warnings!'
but finally
marcia_ 16:06 'It's showing an application error when I try and log on so they are working on it'
Still, although I personally feel the People's Lottery is even more of a waste of time than the National Lottery (which I do play at times, because a bit of hope is fun, and the opportunity cost is pretty low), at least they did actually address it, such are the low standards of the rest of the industry.
Yeah, of course. It only ever affects a "small number of users".
Hello? If you were the user affected, would you care that you're the only one?
I'm guessing not.
Let's agree to affect the CEO in every case and find out how quick this kind of issue would be solved.
I can see how their logs would say who had logged in and seen other people's details, and if it was just one other person's details shown (out by 1? error) they could know who was exposed, but as it was changing (randomly?) each reload it gets more complicated to be sure whose details were exposed.
Complete guess, but in the past this symptom of seeing other customers' data has tended to be a session sharing issue. So if you can work out who was logged on to the website at the time, those are the people likely to have had their details displayed to others. Of course, it is possible that it was displaying random customer data from the customer database. In which case you might struggle to know who was displayed. The last two times I've read about similar errors it was people accidentally being given other visitors' sessions.
I once caused a similar bug updating the settings on a company website (fortunately in test). That time it was a caching problem where a proxy between the visitors and the website had cached the first visitor's session cookie and every subsequent visitor got automatically logged in as them. Soon after I decided to step back from devops and stick with the dev.
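Editor's added example, not part of any comment above and not code from any site mentioned: a minimal Python model of the failure mode the last comment describes, where a shared cache stores a response carrying `Set-Cookie`, next to a conservative storability check that prevents it. All names (`origin`, `SharedCache`, `is_shareable`) and the sample visitors are constructed for illustration; the policy shown is a cautious default rather than a statement of what any particular proxy does.

```python
import itertools

_ids = itertools.count(1)

def origin(visitor):
    """Constructed origin: sets a session cookie yet marks the page cacheable."""
    return {"headers": {"Set-Cookie": f"sid={visitor}-{next(_ids)}; HttpOnly; Secure",
                        "Cache-Control": "max-age=60"},  # the misconfiguration
            "body": f"account details for {visitor}"}

def is_shareable(request_headers, response):
    """Conservative policy: may a shared cache store this response?"""
    resp = {k.lower(): v for k, v in response["headers"].items()}
    directives = {d.strip().split("=")[0].lower()
                  for d in resp.get("cache-control", "").split(",")}
    if directives & {"private", "no-store"}:
        return False                      # origin said: not for shared caches
    if "set-cookie" in resp:
        return False                      # response is bound to one visitor
    if {k.lower() for k in request_headers} & {"cookie", "authorization"}:
        return False                      # request was already personalised
    return True

class SharedCache:
    def __init__(self, enforce_policy):
        self.enforce_policy = enforce_policy
        self.store = {}                   # keyed by path only, like a simple proxy

    def fetch(self, path, visitor, request_headers=None):
        request_headers = request_headers or {}
        if path in self.store:
            return self.store[path]       # cache hit: same bytes for everyone
        response = origin(visitor)
        if not self.enforce_policy or is_shareable(request_headers, response):
            self.store[path] = response
        return response

def responses_seen(cache):
    """Alice visits first, then Bob; return what each one receives."""
    return [cache.fetch("/account", v) for v in ("alice", "bob")]

if __name__ == "__main__":
    for label, enforce in (("naive", False), ("hardened", True)):
        for who, r in zip(("alice", "bob"), responses_seen(SharedCache(enforce))):
            print(label, who, "->", r["headers"]["Set-Cookie"], "|", r["body"])
```

For incident scoping, the naive run also shows why cache-hit logs matter: everyone served from the poisoned entry received the first visitor's cookie and page.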