This morning Camalot released the news that they’d detected suspicious logins on 26,000 of its on-line punter accounts, of which 50 had been altered. As far as they know. They’re keen to stress that this doesn’t affect their core system (i.e. can’t be used to fiddle the payouts).
It’s entirely possible that they haven’t been breached at all – people could be re-using passwords taken in an earlier heist. What’s odd is that someone has accessed thousands of accounts but done nothing with them. Why? Kiddies, possibly.
If this is as Camalot is currently reporting, well done to them for spotting the suspicious logins and acting fast.