In late November 2022, sports betting firm DraftKings announced that it had suffered a data breach affecting approximately 68,000 customers. The company stated that the breach resulted from a credential stuffing attack, in which attackers obtained credentials from a third-party source and attempted to use them to access DraftKings accounts.

According to DraftKings, the attackers were able to withdraw around $300,000 from compromised accounts before the breach was discovered. The company has since refunded all stolen funds to affected customers.

While the attack did not involve a breach of DraftKings’ systems, the company has disclosed that personal information such as names, addresses, phone numbers, email addresses, and profile pictures may have been compromised in the attack. Additionally, the attackers may have accessed the last four digits of payment cards, details of prior transactions, and the date of the last password change for affected accounts.

DraftKings has emphasized that there is no evidence that social security numbers, driver’s license numbers, or financial account numbers were compromised in the attack. The company also noted that it does not store full payment card numbers, expiration dates, or CVVs, so these types of sensitive information were not at risk.

In response to the data breach, DraftKings has prompted impacted customers to reset their account passwords and has urged all customers to review their account and credit reports for any suspicious activity. The company has also informed the Maine Attorney General that the attack impacted 67,995 individuals.

The data breach at DraftKings highlights the importance of protecting personal and financial information from cyber attacks. As a business owner, it is important to implement strong password policies, regularly update software and security protocols, and monitor for suspicious activity to protect against credential-stuffing attacks and other cyber threats. Additionally, it is crucial for individuals and organizations to use unique, strong passwords for each account and to regularly update these passwords to reduce the risk of falling victim to a credential-stuffing attack. By taking these precautions, you can help ensure the security of your business and your customers’ personal and financial information.

Related Posts - TKS Blog

keyless password
The State Of Passwords in 2025
Passwords have long been a necessary but frustrating aspect of digital security. Most users either dislike them or outright despise them. Despite the growing push...
Read more
TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
password managers for business
How Password Managers Strengthen Your Cybersecurity Posture
The Growing Threat of Password Vulnerabilities Protecting your sensitive business information has never been more critical than it is today. Passwords remain one of the weakest...
Read more

Used with permission from Article Aggregator