DraftKings data breach exposed 67,000 accounts
DraftKings has revealed that nearly 68,000 customers had their personal information exposed in a credential-stuffing attack in November.
A credential-stuffing attack is a type of cyberattack where an attacker uses stolen account credentials from other hacks to gain access to a third-party system. The attack method relies on the unfortunate fact that many users use the same password for multiple sites.
“In the event an account was accessed, among other things, the attacker could have viewed the account holder’s name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change,” the announcement claims.
“At this time, there is currently no evidence that the attackers accessed Social Security numbers, driver’s license number or financial account numbers, said DraftKings.