DraftKings hack exposes 67,000 users’ personal and financial info

Update your passwords and check your bank account for unusual activity.

DraftKings reported that it suffered a data breach in November that affected over 67,000 customers.

Even if you aren’t part of that group, it’s wise to change your DraftKings password. In the data breach notification, DraftKings said that the credentials used in the attack came from other websites.

Once in an account, the attacker made an initial $5 deposit, then changed the password and the phone number used for two-factor authentication. Then they withdrew money from any linked bank accounts.
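The sequence described above (small deposit, password change, 2FA phone change, withdrawal) is something a fraud or detection team can match in account event logs. The following is an added example, not code from DraftKings or the original article; the event names, field layout, one-hour window and $10 deposit threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Event names and fields are assumptions for this sketch, not a real schema.
CHANGES = {"password_change", "2fa_phone_change"}

def flag_takeover_sequences(events, window=timedelta(hours=1), max_deposit=10.0):
    """Flag accounts where a small deposit is followed, within `window`, by both
    a password change and a 2FA phone change, and then by a withdrawal."""
    parsed = sorted(((datetime.fromisoformat(e["ts"]), e) for e in events),
                    key=lambda p: p[0])
    state, flagged = {}, []   # state: account -> (deposit time, changes seen)
    for ts, ev in parsed:
        acct, kind = ev["account"], ev["type"]
        start, seen = state.get(acct, (None, frozenset()))
        if start is not None and ts - start > window:
            start, seen = None, frozenset()        # chain expired
        if kind == "deposit" and start is None and ev["amount"] <= max_deposit:
            start, seen = ts, frozenset()          # possible start of a chain
        elif kind in CHANGES and start is not None:
            seen = seen | {kind}
        elif kind == "withdrawal" and start is not None and seen == CHANGES:
            if acct not in flagged:
                flagged.append(acct)
            start, seen = None, frozenset()
        state[acct] = (start, seen)
    return flagged

def _ev(ts, account, kind, amount=None):
    return {"ts": "2022-11-20T" + ts, "account": account, "type": kind, "amount": amount}

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    _ev("10:00:00", "u1001", "login"),
    _ev("10:02:00", "u1001", "deposit", 5.00),
    _ev("10:03:00", "u1001", "password_change"),
    _ev("10:04:00", "u1001", "2fa_phone_change"),
    _ev("10:09:00", "u1001", "withdrawal", 840.00),   # full chain within the window
    _ev("09:00:00", "u1002", "deposit", 50.00),
    _ev("09:30:00", "u1002", "withdrawal", 20.00),    # ordinary activity
    _ev("11:00:00", "u1003", "deposit", 5.00),
    _ev("11:05:00", "u1003", "password_change"),
    _ev("11:20:00", "u1003", "withdrawal", 30.00),    # no 2FA phone change
    _ev("08:00:00", "u1004", "deposit", 5.00),
    _ev("08:10:00", "u1004", "password_change"),
    _ev("08:15:00", "u1004", "2fa_phone_change"),
    _ev("12:00:00", "u1004", "withdrawal", 300.00),   # outside the one-hour window
]

if __name__ == "__main__":
    print(flag_takeover_sequences(SAMPLE_EVENTS))
```

A wider window catches slower chains such as the constructed `u1004` case, at the cost of more matches on legitimate users who change their details and then cash out.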

BleepingComputer says that the compromised accounts cost $10 to $35 each on an online marketplace for hackers. The seller even included step-by-step instructions on how to drain the accounts.

DraftKings has cut off access to the hackers

DraftKings says it has reset the password of all 67,995 accounts it identified as breached in the latest attack. Any customer funds taken in the attack will be replaced.

A credential stuffing attack compromised the accounts in November. In this kind of attack, hackers use automated bots to try millions of username and password combinations to gain access to online accounts.

The data in these attacks usually comes from other data breaches sold on hacker forums.

How to stay safe online

The best defense against hackers is unique passwords. Use a password manager like the one built into your browser and generate long, individual passwords for every online account.

That keeps your other accounts safe when one is breached.

Use two-factor authentication (2FA) methods wherever possible. The safest is an authenticator app, but even SMS 2FA provides another layer of defense.

Okta, a leading identity and access management provider, says credential-stuffing attacks are rising. The problem is so widespread that, according to Okta, one in three sign-in attempts on the sites it manages is fraudulent.

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.
