In late November 2022, sports betting firm DraftKings announced that it had suffered a data breach affecting approximately 68,000 customers. The company stated that the breach resulted from a credential stuffing attack, in which attackers obtained credentials from a third-party source and attempted to use them to access DraftKings accounts.

According to DraftKings, the attackers were able to withdraw around $300,000 from compromised accounts before the breach was discovered. The company has since refunded all stolen funds to affected customers.

While the attack did not involve a breach of DraftKings’ systems, the company has disclosed that personal information such as names, addresses, phone numbers, email addresses, and profile pictures may have been compromised in the attack. Additionally, the attackers may have accessed the last four digits of payment cards, details of prior transactions, and the date of the last password change for affected accounts.

DraftKings has emphasized that there is no evidence that social security numbers, driver’s license numbers, or financial account numbers were compromised in the attack. The company also noted that it does not store full payment card numbers, expiration dates, or CVVs, so these types of sensitive information were not at risk.

In response to the data breach, DraftKings has prompted impacted customers to reset their account passwords and has urged all customers to review their account and credit reports for any suspicious activity. The company has also informed the Maine Attorney General that the attack impacted 67,995 individuals.

The data breach at DraftKings highlights the importance of protecting personal and financial information from cyber attacks. As a business owner, it is important to implement strong password policies, regularly update software and security protocols, and monitor for suspicious activity to protect against credential-stuffing attacks and other cyber threats. Additionally, it is crucial for individuals and organizations to use unique, strong passwords for each account and to regularly update these passwords to reduce the risk of falling victim to a credential-stuffing attack. By taking these precautions, you can help ensure the security of your business and your customers’ personal and financial information.

Related Posts - TKS Blog

TKS Newsletter - 2024 December
Here's our December 2024 Newsletter Read the full PDF version here: The TKS Sentinel - December Issue In this month's edition, we discuss: Ransomware Threats PDF Hijacking ...
Read more
5 New Trends from a Study on the State of AI at Work
5 New Trends of AI At Work
The pace of technological advancement is accelerating. This is not news to anyone wading through the ChatGPT craze. Artificial intelligence (AI) is at the forefront...
Read more
zero trust protections
Zero Trust Cybersecurity: Essential for Keeping Your Data Secure
As cyber threats become increasingly sophisticated, businesses can no longer rely solely on traditional methods to protect their data. Hackers are no longer trying to...
Read more
voice technology options
Harnessing the Power of Voice Technology
Voice technology is quickly becoming one of the most valuable tools for businesses seeking to improve customer interactions, streamline operations, and cut costs. With...
Read more

Used with permission from Article Aggregator