Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

DraftKings Accounts Targeted and Compromised in Credential Stuffing Attack

Colin Thierry
Colin Thierry
Colin Thierry Colin Thierry

DraftKings admitted on Monday that some of its customers were targeted in credential stuffing attacks that allowed hackers to take over their accounts and transfer funds.

Since DraftKings is a sports betting company, many users have money in their accounts. Some users even linked their bank accounts to their DraftKings accounts, which makes them even more attractive targets for criminals.

According to reports, users first started to report issues with their DraftKings accounts over the weekend. The threat actors used very direct tactics as they would access the accounts (likely with information acquired from other data breaches) before quickly extracting funds.

The common denominator for all hijacked accounts seems to be an initial $5 deposit followed by the threat actors changing the password, enabling two-factor authentication (2FA) on a different phone number, before withdrawing as much as possible from the victims’ linked bank accounts.

Additionally, the cybercriminals changed the 2FA settings by redirecting to another phone number and locking the actual owners out of their accounts.

Since many users have their bank accounts linked to DraftKings, some withdrawals were made directly from the banks. 

“We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information,” said DraftKings President and Cofounder Paul Liberman in a Tweet on Monday.

“We have seen no evidence that DraftKings’ systems were breached to obtain this information. We have identified less than $300,000 of customer funds that were affected, and we intend to make whole any customer that was impacted,” Liberman added.

The company says that criminals likely used credentials from other data breaches and advised DraftKings users to change their credentials immediately and replace them with entirely unique ones for their app. Also, they said users unlink the DraftKings and banking accounts and advised that they should set up 2FA if users haven’t already.

About the Author
Colin Thierry
Colin Thierry
Writer

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.