DraftKings credential stuffing campaign targeting customer accounts
Campaign
Summary
Hide ▲
Show ▼
A DraftKings credential-stuffing campaign put an undisclosed number of customer accounts at risk and triggered breach notices. Attackers used stolen username/password pairs to log into some accounts and may have seen a limited amount of data tied to those accounts. DraftKings is forcing password resets for affected users and requiring multifactor authentication for DK Horse logins.
Related Happenings
Dashlane password manager account lockouts from brute-force attacks
Service Disruption
H score12
First: 01.06.2026 21:17
Last: 01.06.2026 21:17
Sources 1
About this happening:
**Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
Dashlane password manager account lockouts from brute-force attacks
Service DisruptionAbout this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
H score37
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
CampaignAbout this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
DraftKings hit by network compromise
Incident
H score35
First: 17.04.2026 10:10
Last: 17.04.2026 10:10
Sources 1
How related:
DraftKings informed affected customers that attackers had gained access to their accounts and a "limited amount" of their data in attacks that bore all the signs of a credential stuffing campaign.
About this happening:
**DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
DraftKings hit by network compromise
IncidentHow related: DraftKings informed affected customers that attackers had gained access to their accounts and a "limited amount" of their data in attacks that bore all the signs of a credential stuffing campaign.
About this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
Kamerin Stokes sentenced for DraftKings account-selling scheme
Law Enforcement
H score39
First: 17.04.2026 10:10
Last: 17.04.2026 10:10
Sources 1
About this happening:
**Kamerin Stokes** was **sentenced to 30 months in prison** for selling access to **tens of thousands of hacked DraftKings accounts**, closing a federal **cybercrime** case that a...
Kamerin Stokes sentenced for DraftKings account-selling scheme
Law EnforcementAbout this happening: **Kamerin Stokes** was **sentenced to 30 months in prison** for selling access to **tens of thousands of hacked DraftKings accounts**, closing a federal **cybercrime** case that a...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
H score34
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Microsoft AiTM payroll pirate attack mitigation
Advisory/MitigationAbout this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Timeline
-
07.10.2025 22:09 2 articles · 9mo ago
DraftKings customer account access notices
Initial DisclosureDraftKings notified an undisclosed number of customers on October 2 that attackers had accessed their accounts in a credential stuffing campaign and may have viewed a limited amount of data, while government-issued identification numbers and full financial account numbers were not accessed.
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09
-
07.10.2025 22:09 1 articles · 9mo ago
DraftKings password reset and MFA response
Mitigation Patch UpdateDraftKings required potentially affected customers to reset DraftKings account passwords and enable multifactor authentication for DK Horse logins, and it also advised customers to review bank accounts and credit reports, place security freezes, and set fraud alerts as a precaution.
Show sources
- DraftKings warns of account breaches in credential stuffing attacks — www.bleepingcomputer.com — 07.10.2025 22:09