DraftKings betting site hacked: Over 67,000 accounts exposed – Times of India
What is a credential-stuffing attack
In a credential-stuffing attack, hackers use automated tools to make large numbers of sign-in attempts with credentials stolen from other online services. Users who reuse the same login information across multiple platforms are the most vulnerable to these attacks. In such cases, hackers try to steal personal and financial information from multiple accounts, which is later sold on hacking forums or the dark web. Attackers can also use the stolen information for identity theft scams, unauthorised transactions and emptying the victims' bank accounts.
How were the users targeted
The hacker initially deposited $5 in the hijacked accounts before their passwords were changed. This helped them enable two-factor authentication (2FA) on a different phone number and allowed the withdrawal of funds from the bank accounts linked to the victims.
According to a report by BleepingComputer, the attacker was selling these stolen accounts with deposit balances on an online marketplace for $10 to $35. The hacker also offered buyers instructions describing how they could withdraw money from the hijacked DraftKings accounts.
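The sequence described above (a small deposit, a password change, 2FA enrolled on a different phone number, then a withdrawal) is something a fraud team can look for in account event logs. The following is an added example, not code from DraftKings or the report; the event field names, the 24-hour window, the $10 deposit threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Ordered stages of the takeover pattern the article describes.
STAGES = ("deposit", "password_change", "2fa_enroll", "withdrawal")

def flag_takeovers(events, known_phone, window=timedelta(hours=24), max_deposit=10.0):
    """Return {account: time of withdrawal} for accounts that complete the pattern."""
    progress, flagged = {}, {}   # progress: account -> (next stage index, start time)
    for e in sorted(events, key=lambda x: x["ts"]):   # tolerate out-of-order logs
        acct = e["account"]
        stage, start = progress.get(acct, (0, None))
        if start is not None and e["ts"] - start > window:
            stage, start = 0, None                    # sequence too slow: start over
        ok = e["type"] == STAGES[stage]
        if ok and e["type"] == "deposit":
            ok = e["amount"] <= max_deposit           # only small "test" deposits
        if ok and e["type"] == "2fa_enroll":
            ok = e["phone"] != known_phone.get(acct)  # owner's own number is fine
        if ok:
            start = e["ts"] if stage == 0 else start
            stage += 1
            if stage == len(STAGES):                  # full pattern seen
                flagged[acct] = e["ts"]
                stage, start = 0, None
        progress[acct] = (stage, start)
    return flagged

# Constructed sample data (hypothetical accounts, phone numbers and times).
T0 = datetime(2024, 1, 1, 9, 0)
def at(hours):
    return T0 + timedelta(hours=hours)
def ev(account, hours, kind, **extra):
    return {"account": account, "ts": at(hours), "type": kind, **extra}

KNOWN_PHONE = {"bob": "+1-555-0100", "carol": "+1-555-0101", "dave": "+1-555-0102"}
SAMPLE_EVENTS = [
    ev("alice", 0, "deposit", amount=50.0), ev("alice", 2, "withdrawal", amount=20.0),
    ev("bob", 0, "deposit", amount=5.0), ev("bob", 0.5, "password_change"),
    ev("bob", 1, "2fa_enroll", phone="+1-555-0199"), ev("bob", 1.5, "withdrawal", amount=400.0),
    ev("carol", 0, "deposit", amount=5.0), ev("carol", 1, "password_change"),
    ev("carol", 2, "2fa_enroll", phone="+1-555-0101"), ev("carol", 3, "withdrawal", amount=30.0),
    ev("dave", 0, "deposit", amount=5.0), ev("dave", 30, "password_change"),
    ev("dave", 31, "2fa_enroll", phone="+1-555-0198"), ev("dave", 32, "withdrawal", amount=90.0),
]

if __name__ == "__main__":
    print(flag_takeovers(SAMPLE_EVENTS, KNOWN_PHONE))
```

In the sample, only `bob` is flagged: `alice` makes a normal-sized deposit, `carol` enrols her own number, and `dave`'s events fall outside the window.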
How DraftKings reacted to the attack
DraftKings submitted a data breach notification to confirm that data of 67,995 people was exposed during last month’s attack. The company also claimed to have reset the affected accounts’ passwords and mentioned adding fraud alerts after the attack was detected. Moreover, DraftKings President and Cofounder Paul Liberman has also said that the company has restored the funds withdrawn during the hack. The company has refunded up to $300,000 worth of stolen money.
DraftKings also locked down the breached accounts after announcing the data breach and the company is warning account holders against using the same password for multiple online services. The company has also advised users to refrain from sharing their credentials with third-party platforms and to turn on 2FA on their accounts. DraftKings has even asked users to remove banking details and unlink their bank accounts to avoid any such fraudulent withdrawal requests.