DraftKings users lose thousands in devious cyberattack

Successful credential-stuffing attack targets DraftKings accounts


Users of popular sports betting platform DraftKings were on the receiving end of a credential-stuffing attack that cost its victims approximately $300,000.

Issuing a statement via Twitter, the company’s co-founder and president, Paul Liberman, said the platform’s systems were not compromised, but rather that the incident was the result of users’ poor cybersecurity practices.

“DraftKings is aware that some customers are experiencing irregular activity with their accounts. We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information,” the statement reads. “We have seen no evidence that DraftKings’ systems were breached to obtain this information.”


Liberman went on to say that, despite this being the end users’ mistake, the company will still reimburse the affected customers:

“We have identified less than $300,000 of customer funds that were affected, and we intend to make whole any customer that was impacted.”

During the attack, users found themselves being locked out of their accounts, and in some cases, the attackers were even setting up two-factor authentication using their phone numbers.


Credential stuffing is a popular method in the cybercriminal community. Out of sheer convenience, many consumers end up using the same username/password combination for a number of different services.


The problem with this approach is that once one of those services is compromised, the users risk losing a lot more. Cybercriminals are also aware of this fact and often use automated scripts to test out the obtained login credentials on a myriad of services, from social media networks, to retail sites, to betting and banking accounts.
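For defenders, the pattern described above (one source testing many accounts, then enrolling a new two-factor method on the ones that work) can be searched for in authentication logs. The following is an added example, not code from the article or from DraftKings; the log schema, event names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (time, source IP, account, event, outcome).
# The schema and the event names "login" / "mfa_enroll" are hypothetical.
EVENTS = [
    ("2024-01-01T03:00:01", "203.0.113.7", "alice", "login", "fail"),
    ("2024-01-01T03:00:02", "203.0.113.7", "bob", "login", "fail"),
    ("2024-01-01T03:00:03", "203.0.113.7", "carol", "login", "fail"),
    ("2024-01-01T03:00:04", "203.0.113.7", "dave", "login", "ok"),
    ("2024-01-01T03:00:05", "203.0.113.7", "erin", "login", "fail"),
    ("2024-01-01T03:00:06", "203.0.113.7", "frank", "login", "fail"),
    ("2024-01-01T03:02:10", "203.0.113.7", "dave", "mfa_enroll", "ok"),
    ("2024-01-01T09:15:00", "198.51.100.20", "grace", "login", "fail"),
    ("2024-01-01T09:15:20", "198.51.100.20", "grace", "login", "ok"),
    ("2024-01-01T09:16:00", "198.51.100.20", "grace", "mfa_enroll", "ok"),
]

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.3):
    """Source IPs that tried many distinct accounts and mostly failed.
    Both thresholds are illustrative assumptions, not tuned values."""
    accounts, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, event, outcome in events:
        if event == "login":
            accounts[ip].add(user)
            total[ip] += 1
            ok[ip] += outcome == "ok"
    return {ip for ip in total
            if len(accounts[ip]) >= min_accounts
            and ok[ip] / total[ip] <= max_success_ratio}

def takeover_candidates(events, window=timedelta(minutes=30)):
    """Accounts where a successful login from a stuffing source is followed,
    within `window`, by a new MFA enrollment (the lock-out step in the article)."""
    bad = stuffing_sources(events)
    last_bad_login, flagged = {}, []
    for ts, ip, user, event, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "login" and outcome == "ok" and ip in bad:
            last_bad_login[user] = when
        elif (event == "mfa_enroll" and user in last_bad_login
              and when - last_bad_login[user] <= window):
            flagged.append(user)
    return flagged

if __name__ == "__main__":
    print("suspected stuffing sources:", stuffing_sources(EVENTS))
    print("accounts to lock and review:", takeover_candidates(EVENTS))
```

Grouping by source IP alone will miss attempts spread across many addresses, so the same counting is usually repeated over other keys the logs provide.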

Users are advised to create strong and unique passwords for all their online accounts, and to use password managers to keep that information secure.

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
