Hackers are cracking the machines at a discount store in a bid to steal a $5,000-a-year lottery ticket.
According to the New York Post, a woman from the UK used a hacking app called ShiftyCoder to get into the register.
The app allows users to “search” for the right number of coins to win.
It uses the same algorithm used by the lottery to calculate the odds of winning the $5 million prize, but instead of using the lottery’s traditional odds, the app uses its own.
Using the ShiftyCode app, the woman was able to crack the register and take away the ticket, but she left behind a lot of information about the machine that could help law enforcement catch people who are using the same device.
She said she had just bought the ticket when the machine malfunctioned.
“I don’t have the cash,” she said.
“I just bought a ticket and then I realised it’s gone.”
A security researcher from UK cybersecurity firm Sophos was able use the same software to crack a vending machines kiosk in Japan.
After the ticket was taken away, the attacker then posted screenshots of the kiosk’s logs online, the Post reported.
He wrote, “I was at a kiosk on a train and the ticket went into the machine but when I got there, the machine was still running.
I have access to the data of the machine and it has a history of going through multiple times.”
The device that was stolen is an ATM, and the attacker could have accessed the machine’s database to steal other machines, the report said.
Sophos said the attack could potentially be used to steal credit card information, although the vendor is not aware of any instances of this.
A spokesperson for the company said they were aware of the attack and are working with the police.
Online security researcher Dan Fries said the breach is “not surprising”.
“If you want to be in the lottery, you can get a ticket, and then the machine just won’t do it, you just need to buy the ticket again and again and that’s how it works,” he told CBC News.
But he said it’s not unusual for machines to be hacked and for ticket vendors to leave behind some information about machines that aren’t their own.
“I can imagine that the person who had the ticket and the kiosks, they’ve got all sorts of information on the machines.
You could see their name and phone number and all that sort of stuff,” he said.