Credential Stuffing Attacks Target DraftKings User Accounts

First reported

07.10.2025 22:09

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

DraftKings has notified customers of account breaches resulting from credential stuffing attacks. Attackers used stolen login credentials from other services to access user accounts, potentially viewing personal and financial information. The company has mandated password resets and multifactor authentication for affected accounts. The attacks did not compromise sensitive data such as government-issued identification numbers or full financial account numbers. DraftKings has advised customers to take additional security measures to protect their accounts and personal information.

Timeline

07.10.2025 22:09 1 articles · 3h ago

Credential Stuffing Attacks Target DraftKings User Accounts
DraftKings notified customers of account breaches due to credential stuffing attacks. Attackers accessed personal and financial information, but did not obtain highly sensitive data. The company has mandated password resets and enabled multifactor authentication for affected accounts. Customers are advised to take additional security measures.
Show sources

DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
Open in new tab

Information Snippets

DraftKings is a gambling company based in Boston, founded in 2012, with over 5,100 employees and $4.77 billion in reported revenues for 2024.
First reported: 07.10.2025 22:09

1 source, 1 article
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
Credential stuffing attacks involve using automated tools to breach user accounts with stolen username/password pairs from other online services.
First reported: 07.10.2025 22:09

1 source, 1 article
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
Attackers accessed DraftKings accounts and viewed personal and financial information, but did not obtain sensitive data like government-issued identification numbers or full financial account numbers.
First reported: 07.10.2025 22:09

1 source, 1 article
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
DraftKings has mandated password resets and enabled multifactor authentication for affected accounts.
First reported: 07.10.2025 22:09

1 source, 1 article
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
DraftKings previously experienced a credential stuffing attack in November 2022, resulting in up to $300,000 stolen from accounts.
First reported: 07.10.2025 22:09

1 source, 1 article
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09