Security News > 2022 > November > Hackers steal $300,000 in DraftKings credential stuffing attack
Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000.
The statement follows an early Monday morning tweet saying that DraftKings was investigating reports [1, 2, 3, 4] of customers experiencing issues with their accounts.
"We currently believe that the login information of these customers was compromised on other websites and then used to access their DraftKings accounts where they used the same login information," revealed DraftKings President and Cofounder Paul Liberman more than 12 hours later.
DraftKings customers who haven't yet been affected by this credential-stuffing campaign are advised to immediately turn on 2FA on their accounts and remove any banking details or, even better, unlink their bank accounts to block fraudulent withdrawal requests.
In credential stuffing, threat actors use automated tools to make repeated attempts to gain access to user accounts using credentials stolen from other online services.
The attackers will also use the stolen info in future identity theft scams to make unauthorized purchases or-as it happened in the case of hijacked DraftKings accounts-transfer money in linked banking accounts to accounts under their control.
News URL
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Retail chain Hot Topic hit by new credential stuffing attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- Okta warns of "unprecedented" credential stuffing attacks on customers (source)
- Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks (source)