Exploit: Credential Stuffing
Risk to Business: Extreme
Users of sports book platform DraftKings took a heavy hit last week with an estimated $300k lost to a credential stuffing attack. A company official confirmed the attack in a statement, saying that they believe that the incident stemmed from customers reusing login credentials that had already been compromised elsewhere. Bad actors gained access to several user accounts that they immediately took over, changing the passwords and enabling 2FA for a phone number they controlled. DraftKings has said that customers who lost money will be made whole but did not offer specifics.
Stress on your Business:
This is not a good look during a busy time f year for sports betting with the World Cup ongoing and the U.S. football playoffs ahead.
How Sieve can help:
If you have ever received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft contact us at 414.238.2110 or at [email protected] and we will provide you with specific tools that protect you from today’s security risks.