DraftKings customers have become the latest customers to lose money from a cyber attack in the US. The online sports betting company revealed earlier today that they would make whole the losses of up to $300,000, which were stolen from those who fell victim to the attack.
News of the latest cyber attack in 2022 first began to circle on Twitter after customers began to complain of being locked out from their accounts by hackers. Customers who fell victim to the attack expressed their frustration at being unable to contact DraftKings personnel for help while watching their bank funds drained by the cybercriminals.
How Did the Threat Actor access DraftKings’s Customers
Bank Accounts?
All of the DraftKings accounts which were hacked received a $5 deposit which was then followed up by the hackers changing the password on the account. This enabled them to complete 2FA (two-factor authentication security) from a different phone number.
Once logged into the account under a new password, they made as many withdrawals as possible from the bank accounts customers had linked to their profile on the betting site.
It is thought that the hackers could access the DraftKings accounts by using login information from other compromised websites. They were then able to successfully log into user accounts that used the same login credentials on the DraftKings website.
DraftKings President Paul Liberman took to Twitter to state that he had seen no evidence that any of the Draft Kings Data Access Systems were compromised to steal sensitive information or login credentials.
DraftKings Users Were Advised to take Action to Protect Their Bank Accounts.
The betting organization has also advised that to ensure future cyber attack prevention, users shouldn’t use the same passwords across different sites and online services. They also cautioned against customers sharing their login credentials with third-party sites such as betting apps and trackers.
Those not affected by this cyber attack have been advised to apply two-factor authentication on their DraftKings account immediately and to remove their bank details or unlink their bank account from their profile entirely. It is hoped that this action will stop any further withdrawals from customer accounts.
What is Credential Stuffing?
Credential stuffing describes the process of cyber threat actors using automated tools to attempt to gain access to accounts using stolen login information from other sites. Using these automated tools, they can make up to a million attempts until they identify accounts with the same login credentials across more than one site.
This strategy is made possible by the habits of some users who have the same password and login credentials saved across several different websites and platform accounts.
Once the account has been hacked into, threat actors can drain linked bank accounts and then sell sensitive personal information, social security, and financial data to other criminals on the dark web.
There has been a sharp increase in these types of cyber attacks in 2022 due to a growth in illegal, automated credential-stuffing tools and leaked login credentials from other data breaches and attacks.