DraftKings Data Breach Impacts Personal Information of 68,000 Customers
Residence › Cybercrime
DraftKings Information Breach Impacts Private Info of 68,000 Prospects
By Ionut Arghire on December 20, 2022
Tweet
Sports activities betting agency DraftKings says the private information of 68,000 people has been compromised in a current information breach.
The incident, initially disclosed in November, was the results of a credential stuffing assault and never a breach of DraftKings’ programs, the corporate says.
Credential stuffing entails the usage of leaked credentials (usernames, e-mail addresses, and passwords) obtained from a third-party supply to entry an account on a unique service. Such assaults are profitable solely as a result of some people use the identical credentials for accounts on completely different companies.
DraftKings additionally introduced on the time that the attackers withdrew roughly $300,000 from a few of the compromised accounts, and that it could restore all of the stolen funds.
On Friday, the corporate began sending out notification letters to the impacted prospects, to tell them that a few of their private data might need been compromised through the incident, reiterating that the attackers used leaked credentials to entry the accounts.
“Based mostly on our investigation to this point, we consider that attackers could have beforehand gained entry to your username or e-mail handle and password from a non-DraftKings supply after which used these credentials to entry your DraftKings account,” a notification letter despatched to impacted prospects reads.
DraftKings says that non-public data probably compromised within the assault could embrace names, addresses, cellphone numbers, e-mail addresses, profile photographs, account stability, the final 4 digits of a fee card, particulars about prior transactions, and the date of the final password change.
The corporate additionally notes that it has no proof that Social Safety numbers, driver’s license numbers, or monetary account numbers had been compromised within the assault and underlines that it doesn’t retailer full fee card numbers, card expiration dates, or CVVs.
Instantly after figuring out the incident, the corporate prompted the impacted prospects to reset their accounts’ passwords and is now urging them as soon as once more to reset their passwords and to assessment their account and credit score reviews to determine any suspicious exercise.
“We’ve got restored quantities which were withdrawn from sure accounts in reference to credential stuffing assaults, as decided and recognized by DraftKings,” the corporate says.
DraftKings knowledgeable the Maine Lawyer Normal {that a} whole of 67,995 people had been impacted within the information breach.
Associated: Private Info of 123Ok People Uncovered in Metropolis of Tucson Information Breach
Associated: California County Says Private Info Compromised in Information Breach
Associated: Information Breach at Shields Well being Care Group Impacts 2 Million Sufferers
Get the Every day Briefing
- Most Current
- Most Learn
- DraftKings Information Breach Impacts Private Info of 68,000 Prospects
- Microsoft Particulars Current macOS Gatekeeper Bypass Vulnerability
- Ukraine’s Delta Navy Intelligence Program Focused by Hackers
- Official: Russia, Iran Turmoil Restricted Meddling in US Vote
- New ‘RisePro’ Infostealer More and more Well-liked Amongst Cybercriminals
- Cybersecurity M&A Roundup for December 1-15, 2022
- FoxIt Patches Code Execution Flaws in PDF Instruments
- Malicious PyPI Module Poses as SentinelOne SDK
- Google Workspace Will get Consumer-Aspect Encryption in Gmail
- Cisco Warns of Many Previous Vulnerabilities Being Exploited in Assaults
Searching for Malware in All of the Improper Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Laptop Says About You
Be in a Place to Act By way of Cyber Situational Consciousness
Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice Yr To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
Find out how to Determine Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Engaging
Find out how to Defend In opposition to DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise