Thousands of DraftKings customer accounts reportedly hit by cyberattack. Reports claim that customers had $300,000 accounts stolen from their accounts as a result of the attacks.
Thousands of DraftKings Customer Accounts Reportedly Hit By Cyberattack
Sports betting firm DraftKings has recently shared some more light into the recent account breach it suffered.
The co-founder and president of the company, Paul Liberman took to the social media platform Twitter to announce a security occurrence after a threat actor apparently used credential stuffing to try and log into the DraftKings accounts of users.
The criminals however succeeded in those of instances and then ended up pulling over $300,000 from the accounts of people, although the company has refunded affected customers since then.
A Breach Notification Was Filed with the Main Attorney General’s Office
In a breach notification filed with the main Attorney General’s office, the firm has come out to say that a total of 67,995 people have had their accounts on the platform compromised. The company however did say that the threat actor got the login information elsewhere and had tried it against the accounts on its platform. The company also said that the attack was successful not due to DraftKings, but rather due to its users on the platform having really poor security practices and making use of the same passwords across multiple services.
Also detailed in the document is the type of information that was accessed during the incident, showing that identity theft and impersonation attacks could also happen in the nearest future:
“In the event an account was accessed, among other things, the attacker could have viewed the account holder’s name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change,” the announcement reveals.
“At this time, there is currently no evidence that the attackers accessed your Social Security number, driver’s license number, or financial account number.
“While bad actors may have viewed the last four digits of your payment card, your full payment card number, expiration date, and your CVV are not stored in your account.”
The Company Has Since Refunded Affected Accounts and Users
DraftKings besides refunding the money to affected accounts and customers also reset the account of people and then introduced new fraud alerts to the platform. The company also urged users to make use of unique passwords for their online accounts, to activate multi-factor authentication (MFA) where it is needed, and also to never share their login details with third parties.