Updated on 2022-12-21
Sports betting company DraftKings notified 68,000 individuals of a data breach that potentially compromised their personal data, including usernames, passwords, and email addresses.
— DraftKings CX Team (@DK_Assist) November 21, 2022
Updated on 2022-12-05: FBI investigating DraftKings credential stuffing incident
ESPN is reporting that the FBI is investigating the credential stuffing attack that hit sports betting platform DraftKings last month and following which hackers stole more than $300,000 from the company’s customers. Rival sports betting platform FanDuel also reported a spike in account takeover attacks at the same time as the DraftKings incident. Read more:
- Source: FBI investigating cyberattack of online sportsbooks
- DraftKings says no evidence systems were breached following report of a hack
Updated on 2022-11-22: DraftKings account hacks
Sports betting service DraftKings confirmed that hackers stole $300,000 from customer accounts. The company blamed the incident on users who reused (compromised) passwords for their accounts. However, online, several users said they used unique passwords, which might suggest that some users might have had their computers infected with malware that stole their DraftKing credentials.
— DraftKings CX Team (@DK_Assist) November 21, 2022
Overview
An undisclosed number of DraftsKings customers ended up losing $300,000 to an alleged credential stuffing campaign. However, no signs of breach have been found yet. Read more: Credential Stuffers Steal $300K from DraftKings Customers