DraftKings has experienced a credential stuffing attack resulting in unauthorized account access for some customers, exposing personal data. The company is implementing security measures like password resets and multi-factor authentication to protect users. #CredentialStuffing #DraftKings
Keypoints
- DraftKings notified customers of a recent credential stuffing cyberattack on their accounts.
- The attackers gained limited access to user data, including names, addresses, and last four digits of payment cards.
- Effective response measures include requiring password resets and enabling multi-factor authentication.
- The attack underscores the threat posed by automated tools and leaked credential lists used in credential stuffing campaigns.
- Historically, DraftKings has faced similar breaches, with significant financial losses reported in past incidents.