Find notable cyber news and cases, enriched with sources, timelines, and signals.

DraftKings credential stuffing campaign targeting customer accounts

Campaign
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

A DraftKings credential-stuffing campaign put an undisclosed number of customer accounts at risk and triggered breach notices. Attackers used stolen username/password pairs to log into some accounts and may have seen a limited amount of data tied to those accounts. DraftKings is forcing password resets for affected users and requiring multifactor authentication for DK Horse logins.

Related Happenings

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
H score12 First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
H score37 First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...

DraftKings hit by network compromise

Incident
H score35 First: 17.04.2026 10:10 Last: 17.04.2026 10:10 Sources 1

How related: DraftKings informed affected customers that attackers had gained access to their accounts and a "limited amount" of their data in attacks that bore all the signs of a credential stuffing campaign.

About this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...

Kamerin Stokes sentenced for DraftKings account-selling scheme

Law Enforcement
H score39 First: 17.04.2026 10:10 Last: 17.04.2026 10:10 Sources 1

About this happening: **Kamerin Stokes** was **sentenced to 30 months in prison** for selling access to **tens of thousands of hacked DraftKings accounts**, closing a federal **cybercrime** case that a...

Microsoft AiTM payroll pirate attack mitigation

Advisory/Mitigation
H score34 First: 10.04.2026 14:56 Last: 10.04.2026 14:56 Sources 1

About this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...

Timeline

  1. 07.10.2025 22:09 2 articles · 9mo ago

    DraftKings customer account access notices

    Initial Disclosure

    DraftKings notified an undisclosed number of customers on October 2 that attackers had accessed their accounts in a credential stuffing campaign and may have viewed a limited amount of data, while government-issued identification numbers and full financial account numbers were not accessed.

    Show sources
  2. 07.10.2025 22:09 1 articles · 9mo ago

    DraftKings password reset and MFA response

    Mitigation Patch Update

    DraftKings required potentially affected customers to reset DraftKings account passwords and enable multifactor authentication for DK Horse logins, and it also advised customers to review bank accounts and credit reports, place security freezes, and set fraud alerts as a precaution.

    Show sources