DraftKings warns that 67,000 people’s data was compromised in account hacks
DraftKings, a Boston-based sports betting contest provider, revealed last week that more than 67,000 customers’ personal information was compromised as a result of a credential attack in November. The company previously stated that it was the victim of an attack early in November.
DraftKings disclosed in a data breach notification filed with the Main Attorney General’s office that the data of 67,995 people was exposed in last month’s incident. The attackers obtained the credentials required to log into the customers’ accounts from a non-DraftKings source, according to the company. While DraftKings users’ bank accounts were targeted in the attack
DraftKings reset the passwords of the affected accounts and said it implemented additional fraud alerts after discovering the attack. Customers are now being advised not to use the same password for multiple online services, not to share their credentials with third-party platforms, to immediately enable 2FA on their accounts, and to remove banking details or unlink their bank accounts to prevent future fraudulent withdrawal requests.
The sources for this piece include an article in BleepingComputer.