The sports betting company DraftKings announced today that all of its customers might be affected by a credential stuffing attack, resulting in losses of up to $300,000.
This follows an initial confirmation that the sports betting company is investigating reports of customers whose accounts have been allegedly hijacked.
The Hackers Have Been Withdrawing Money From Victims' Bank Accounts
DraftKings customers have been the target of a recent credential stuffing hack, which hijacked users' accounts after an initial deposit of $5 in their linked banks.
Following the deposits, the hackers immediately changed passwords, enabling two-factor authentication on different phone numbers, and proceeded to get money from the accounts.
According to Bleeping Computer, some victims of the hack already expressed their frustrations since they were not able to contact the company while the hijackers withdrew their money.
However, 12 hours later, DraftKings' President Paul Liberman denied the company's involvement in the attack saying that they believe users' login information were compromised on other websites.
Liberman also claims that there has been no evidence proving that DraftKings' systems were breached, but confirms that they have identified $300,000 of customer funds were affected.
With this, the sports betting company advised its customers to not use the same password for multiple online accounts, and to never share user credentials with third-party platforms.
Furthermore, DraftKings told customers who have not been affected by the credential stuffing attack to immediately turn on two-factor authentication, and to unlink their bank accounts.
Bleeping Computer describes a credential stuffing attack as a hacking technique where hackers use automated tools to make repeated attempts to access accounts with credentials stolen from online services.
This works well against accounts with associated information, and it can be used to takeover as many accounts as possible to get information that can be sold on the dark web or on hacker forums.
Moreover, hackers can use the credentials to make unauthorized purchases or transfer money to other bank accounts, just like what happened to some DraftKings accounts.
Read More: Reseller Hack Results In Data Breach, Vodafone Italy Confirms
DraftKings Stocks Collapsed Following The Incident
According to the New York Post, DraftKings' stocks stumbled after the incident as it took a 10% dive before it rebounded on Monday.
Fox News reports that this comes around a time where the sports betting industry is busy with the NFL playing week, and the start of the 2022 FIFA World Cup.
DraftKing says that they are investigating the incident, which happened at a time when users are becoming more unsure of online financial transactions, following the collapse of the crypto platform FTX.
It can be remembered that DraftKings' competitor FanDuel also reported hacker activity recently, but these attempts have been unsuccessful, CNBC writes.
With this, the FBI warned companies and customers recently of the growing number of hacking attacks due to readily available information from leaked credentials and automated tools.
Okta also recognizes the worsening situation in connection to breaches this year, as it recorded more than 10 billion credential stuffing incidents on its platforms in the first quarter of 2022 alone.
Related Article: REvil Ransomware Gang Has StartedLeaking Data, Medibank Warns Customers
