Technology

DraftKings betting site hacked: Over 67,000 accounts exposed – Times of India

By Naomi Gleit
Last month, sports betting site DraftKings announced that the platform was hit by a credential-stuffing attack that led to losses of up to $300,000. The company has recently revealed that the cyber attack affected more than 67,000 customers. The personal information of these users was also exposed due to the hack. Moreover, the company also mentioned that the attacker got hold of the user credentials (that customers need to log into their accounts) from a non-DraftKings source.
What is a credential-stuffing attack
For credential-stuffing attacks, hackers use automated tools to make innumerable attempts to sign into accounts using credentials stolen from other online services. Users who reuse the same login information across multiple platforms are most vulnerable to these attacks. In such cases, hackers tried to steal personal and financial info from multiple accounts which were later sold on hacking forums or the dark web. Attackers can also use the stolen information for identity theft scams, unauthorised transactions and emptying bank accounts of the victims.
How were the users targeted
The hacker initially deposited $5 in the hijacked accounts before their passwords were changed. This helped them to enable two-factor authentication (2FA) on a different phone number and allowed the withdrawal of funds from the bank accounts linked to the victims.

According to a report by BleepingComputer, the attacker was selling these stolen accounts with deposit balances on an online marketplace for $10 to $35. The hacker also offered instructions to the buyers describing how they can withdraw money from the hijacked DraftKings accounts.
How DraftKings reacted to the attack
DraftKings submitted a data breach notification to confirm that data of 67,995 people was exposed during last month’s attack. The company also claimed to have reset the affected accounts’ passwords and mentioned adding fraud alerts after the attack was detected. Moreover, DraftKings President and Cofounder Paul Liberman have also said that the company has restored the funds withdrawn during the hack. The company has refunded up to $300,000 worth of stolen money.
DraftKings also locked down the breached accounts after announcing the data breach and the company is warning account holders against using the same password for multiple online services. The company has also advised users to refrain from sharing their credentials with third-party platforms and to turn on 2FA on their accounts. DraftKings has even asked users to remove banking details and unlink their bank accounts to avoid any such fraudulent withdrawal requests.

5G Cyber Scam Alert: How you can and cannot get 5G on your phone

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Naomi Gleit 44842 posts 0 comments
More Stories

Will OnePlus 13 outpace Xiaomi with the first Snapdragon 8…

Google to appeal Play Store ruling | Computer Weekly

Smart charger aims to ease grid stress from EVs

1 of 69,748