Data Exposed? The Sensational DraftKings Revelation

Fantasy gambling in sports.
A set of polyhedral dice used for role playing games such as Dungeons Dragons. Source: Depositphotos

Shocking revelations were announced as an attack on the privacy of DraftKings users, a known sports betting company. More than 67,000 accounts were invaded by hackers, making their private data exposed. The attack, known as the “stuffing attack” happened in November. This type of attack means that automated tools are applied in a large number of attempts to sign in as a registered user. That huge number of attempts can be described as up to millions at a time when user information, that was previously taken, is entered into log-in fields. 

Why Is Data Exposure Troublesome?

Usernames and passwords were stolen from customers from other online sources. This strategy performs very effectively on accounts for which users have submitted the same login credentials across many sites. Hackers are attempting to access as many accounts as they can to obtain personal and financial data. The illegally obtained data is then offered for sale on the dark web or any other channel of the hacker’s community. This is one of the worst things that can happen to your private information, as the stolen data could be abused in identity theft fraud schemes. Hackers can then drain bank accounts connected to compromised accounts or make unlawful transactions.

DraftKings Statement Regarding the Data Breach

DraftKings explained that the information of 67,995 users was exposed. If you are not familiar with DraftKings, check out their review on Strafe. As the company stated, the personal information of users was obtained from different, non-DraftKings sources. That info was used to access accounts on their platform from where hackers could extract account information like in some of all-time best action movies. Meaning the name, phone number, email, street address, photo, previous transactions, balance, and last four digits of the debit or credit card that the user has linked with his account was available to hackers.

DraftKings Reaction to Customers

Upon discovering the breach, measures were taken to protect the customers. All the impacted accounts’ passwords were changed, to stop the hacker’s further actions. As stated by DraftKings President and Cofounder Paul Liberman in November, they have reimbursed the money that had been taken out as a result of the credential assault. The amount that has been recognized as taken during the incident was around 300,000 USD. Following DraftKings’ disclosure of the credential stuffing assault, the compromised accounts were closed down, and the threat actors were informed that their operation was no longer effective.


Nowadays people are more open to online services and different commodities that the internet provides. And while they do that, the security of their private information is at risk. They need to be certain that the platforms they visit and in which they create accounts possess appropriate tools to protect them. Different firewalls, SSL encryption, and anything else that can keep them safe. If they are not mindful of this, they can be victims of identity theft, one of the worst things that can happen with your data. Credential stuffing assaults are rapidly increasing in number as the FBI has stated, thanks to easily accessible automated tools and compiled lists of compromised credentials.