Nearly 68,000 DraftKings customers had their personal data compromised after a credential stuffing attack against the sports betting platform last month, according to BleepingComputer.
DraftKings disclosed in a data breach notification to the Maine Attorney General's office that 67,995 individuals had their data exposed in last month's cyberattack, with customer accounts compromised using credentials obtained from a non-DraftKings source.
"In the event an account was accessed, among other things, the attacker could have viewed the account holder's name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change," said DraftKings, which has already activated additional fraud alerts while resetting impacted account passwords.
However, the breach notification noted that there has been no evidence to suggest the compromise of Social Security numbers, financial account numbers, and driver's license numbers.
Moreover, up to $300,000 in identified stolen funds have already been restored.