DraftKings hack exposes 67,000 users’ personal and financial info
Update your passwords and check your bank account for unusual activity.
DraftKings reported that it suffered a data breach in November that affected over 67,000 customers.
Even if you aren’t part of that group, it’s wise to change your DraftKings password. In the data breach notification, DraftKings said that the credentials used in the attack came from other websites.
Once in an account, the attacker made an initial $5 deposit, then changed the password and the phone number used for two-factor authentication. Then they withdrew money from any linked bank accounts.
BleepingComputer says that the compromised accounts cost $10 to $35 each on an online marketplace for hackers. The seller even included step-by-step instructions on how to drain the accounts.
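The takeover sequence described above (a small deposit, then a password and 2FA phone number change, then a withdrawal) maps onto a simple detection rule over account events. The Python below is an added example, not DraftKings' code; the event names, the one-hour window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed correlation window, tune to your data
SMALL_DEPOSIT_MAX = 5.00      # the article reports a $5 initial deposit
CRED_CHANGES = {"password_change", "2fa_phone_change"}  # assumed event names

# Constructed sample events: (timestamp, account, event, amount in USD)
EVENTS = [
    ("2022-11-20T10:00:00", "acct-1", "deposit", 5.00),
    ("2022-11-20T10:02:00", "acct-1", "password_change", 0),
    ("2022-11-20T10:03:00", "acct-1", "2fa_phone_change", 0),
    ("2022-11-20T10:10:00", "acct-1", "withdrawal", 480.00),
    ("2022-11-20T09:00:00", "acct-2", "deposit", 50.00),     # ordinary play
    ("2022-11-22T09:00:00", "acct-2", "withdrawal", 75.00),
    ("2022-11-20T11:00:00", "acct-3", "deposit", 5.00),      # withdrawal outside window
    ("2022-11-20T11:05:00", "acct-3", "2fa_phone_change", 0),
    ("2022-11-20T11:06:00", "acct-3", "password_change", 0),
    ("2022-11-20T14:30:00", "acct-3", "withdrawal", 200.00),
    ("2022-11-20T12:00:00", "acct-4", "deposit", 5.00),      # changes in reverse order
    ("2022-11-20T12:01:00", "acct-4", "2fa_phone_change", 0),
    ("2022-11-20T12:04:00", "acct-4", "password_change", 0),
    ("2022-11-20T12:20:00", "acct-4", "withdrawal", 310.00),
]

def flag_takeovers(events, window=WINDOW):
    """Return sorted account ids matching: small deposit, then password AND
    2FA phone change (either order), then a withdrawal, all inside `window`."""
    by_account = defaultdict(list)
    for ts, account, kind, amount in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, amount))
    flagged = []
    for account, rows in by_account.items():
        rows.sort(key=lambda r: r[0])
        start, changed = None, set()   # small-deposit time, changes since then
        for ts, kind, amount in rows:
            if start is not None and ts - start > window:
                start, changed = None, set()          # sequence went stale
            if kind == "deposit" and amount <= SMALL_DEPOSIT_MAX:
                start, changed = ts, set()
            elif start is not None and kind in CRED_CHANGES:
                changed.add(kind)
            elif start is not None and kind == "withdrawal" and changed == CRED_CHANGES:
                flagged.append(account)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_takeovers(EVENTS))
```

A shorter window reduces false positives but misses an attacker who waits before withdrawing, so a match is better used to hold the withdrawal for review than to decide on its own.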
DraftKings has cut off access to the hackers
DraftKings says it has reset the password of all 67,995 accounts it identified as breached in the latest attack. Any customer funds taken in the attack will be replaced.
A credential stuffing attack compromised the accounts in November. In this kind of attack, hackers use automated bots to try millions of username and password combinations to gain access to online accounts.
The data in these attacks usually comes from other data breaches sold on hacker forums.
How to stay safe online
The best defense against hackers is unique passwords. Use a password manager like the one built into your browser and generate long, individual passwords for every online account.
That keeps your other accounts safe when one is breached.
Use two-factor authentication (2FA) methods wherever possible. The safest is an authenticator app, but even SMS 2FA provides another layer of defense.
Okta, a leading identity and access management provider, says credential-stuffing attacks are rising. The problem is so widespread that it says one in three sign-in attempts on sites it manages is fraudulent.