Online gambling firm FanDuel had its customers' names and email addresses compromised during the MailChimp data breach this month, according to BleepingComputer.
MailChimp, which provides transactional emails for FanDuel, had its internal customer support and administration tool using employee credentials obtained in a social engineering attack, resulting in the theft of 133 customers' "audience data."
"On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor. No customer passwords, financial account information, or other personal information was acquired in this incident," said FanDuel.
FanDuel has urged its customers to be vigilant against phishing attempts concerning their accounts. Customers have also been advised to adopt frequent password updates, activate multi-factor authentication, and be wary of links sent as part of attempted password resets they have not initiated.
"FanDuel will never email customers directly and request personal information to resolve an issue," said FanDuel in an email.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative were noted by Microsoft to have been addressed or not need immediate servicing as required authentication would significantly reduce their odds of being exploited, SecurityWeek reports.
Email security: The current threat landscape, the latest tools/techniques
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news