DraftKings, a sports betting company, has announced that it would make it up to all customers affected by a credential stuffing attack, which resulted in losses of up to $300,000. The hack happened after the common denominator for all accounts that were hijacked.
The hack occurred late Sunday night, the busiest day of the week for sportsbooks, and just hours before the first United States World Cup soccer match, which is expected to generate significant gambling interest. Then, early Monday morning, DraftKings issued a statement saying that it was looking into reports of customers having problems with their accounts.
DraftKings believes its customers’ login information was compromised on other websites and then used to access their DraftKings accounts using the same login information.
“We have seen no evidence that DraftKings’ systems were breached to obtain this information. We have identified less than $300,000 of customer funds that were affected, and we intend to make whole any customer that was impacted,” it said.
The company then advised customers not to use the same password for more than one online service and not to share their credentials with third-party platforms, such as betting trackers and betting apps other than DraftKings.
The sources for this piece include an article in BleepingComputer.