DraftKings alerts customers to account breaches from credential stuffing

Investing.com -- Sports betting company DraftKings (NASDAQ: DKNG) has informed customers that their accounts were compromised in a series of credential stuffing attacks, according to breach notification letters sent last Thursday.

The Boston-based gambling company discovered the security incident on September 2, promptly investigating after detecting unauthorized access to customer accounts.

DraftKings emphasized that their internal systems weren't breached and that login credentials weren't obtained directly from the company. Instead, attackers used credentials stolen from non-DraftKings sources to gain access to customer accounts.

For affected users, the attackers may have accessed personal information including names, addresses, birth dates, phone numbers, email addresses, the last four digits of payment cards, profile photos, transaction histories, account balances, and password change dates.

The company didn't disclose how many customers were affected by the breach.

In response to the incident, DraftKings implemented several security measures, including requiring password resets for potentially affected customers, enabling multifactor authentication for DK Horse account logins, and deploying additional technical safeguards to prevent similar attacks.

Founded in 2012, DraftKings provides sportsbook and daily fantasy sports services. Bleeping Computer initially reported the news.

You May Also Be Interested In

• Goldman Sachs Downgrades Inspur Electronic Information Industry Co Ltd (000977:CH) to Sell
• argenx SE (ARGX) Reiterated at Market Outperform by Citizens: Ph3 Results on Track for Q3
• Morgan Stanley Starts OGE Energy (OGE) at Equalweight