Wednesday, November 23, 2022

DraftKings users lose thousands in devious cyberattack

Users of popular sports betting platform DraftKings were on the receiving end of a credential-stuffing attack that cost its victims approximately $300,000. 

Issuing a statement via Twitter, the company’s co-founder and president, Paul Liberman said the platform’s systems were not compromised, but rather that the incident was the result of users’ poor cybersecurity practices.

“DraftKings is aware that some customers are experiencing irregular activity with their accounts. We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information,” the statement reads. “We have seen no evidence that DraftKings’ systems were breached to obtain this information.”

Setting up MFA

Liberman further went on to say that despite this being the end users’ mistake, the company will still reimburse the affected customers:

“We have identified less than $300,000 of customer funds that were affected, and we intend to make whole any customer that was impacted.”

During the attack, users found themselves being locked out of their accounts, and in some cases, the attackers were even setting up two-factor authentication using their phone numbers.

Read more

> GM drivers may have had personal details revealed following phishing attack

 > Thousands of North Face customers accounts hacked, personal data stolen

 > Remove viruses and ransomware with the best malware removal services out there

Credential stuffing is a popular method in the cybercriminal community. Out of sheer convenience, many consumers end up using the same username/password combination for a number of different services.

The problem with this approach is that once one of those services is compromised, the users risk losing a lot more. Cybercriminals are also aware of this fact and often use automated scripts to test out the obtained login credentials on a myriad of services, from social media networks, to retail sites, to betting and banking accounts. 

Users are advised to create strong and unique passwords for all their online accounts, and to use password managers to keep that information secure. 

Via: The Register



from TechRadar - All the latest technology news https://ift.tt/q0T9Hpg
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

This is the largest USB Flash Drive you can buy right now: 4TB USB 3.2 Gen2 thumb disk from Oyen Digital uses 3D TLC NAND — and can reach speeds of up to 1050MBps

Dash Pro Flash Drive delivers up to 4TB storage with high speeds Achieves 1050MBps on USB 3.2; supports USB-C and Thunderbolt Includes ...