Security News > 2022 > November > Hackers steal $300,000 in DraftKings credential stuffing attack
Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000.
The statement follows an early Monday morning tweet saying that DraftKings was investigating reports [1, 2, 3, 4] of customers experiencing issues with their accounts.
"We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information," revealed DraftKings President and Cofounder Paul Liberman more than 12 hours later.
DraftKings customers who haven't yet been affected by this credential-stuffing campaign are advised to immediately turn on 2FA on their accounts and remove any banking details or, even better, unlink their bank accounts to block fraudulent withdrawal requests.
In credential stuffing, threat actors use automated tools to make repeated attempts to gain access to user accounts using credentials stolen from other online services.
The attackers will also use the stolen info in future identity theft scams to make unauthorized purchases or-as it happened in the case of hijacked DraftKings accounts-transfer money in linked banking accounts to accounts under their control.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)