Those who don’t update their mobile phone’s operating system or are eager to click on random links in emails make it less challenging for criminals to steal their details. Tap or click here for the one thing you must do if your Facebook is hacked.
But when hackers are after a big payday, they have to take more significant risks. This usually involves breaching the security measures of well-known retailers, service providers or online companies. Unfortunately, this is what happened to the sports betting platform DraftKings.
Read on for details of the breach and what you can do about it if you have an account.
Here’s the backstory
If you have an account with DraftKings, you may have received a letter last week detailing a data breach. The platform suffered from a credential-stuffing hack where criminals exposed the details of 67,000 users.
DraftKings claims that users’ login details weren’t stolen from its servers but through a third party. This is usually when people use the same username and password across multiple websites, making it easy for hackers to gain entry to other accounts.
“In the event an account was accessed, among other things, the attacker could have viewed the account holder’s name, address, phone number, email address, last four digits of a payment card, profile photo, information about prior transactions, account balance, and last date of password change,” explains a letter sent to users.
The letter also makes it clear that DraftKings believe that no Social Security numbers, driver’s license details or financial account numbers were compromised.
What you can do about it
This breach highlights the importance of using unique usernames and passwords across all online accounts. If hackers get hold of your details for one platform, it is only a matter of time before they start trying it on others.
Here are more ways to handle a data breach:
- Create strong, original passwords for all your accounts and don’t reuse any. Can’t keep track of all your unique passwords? Use a password manager. Tap or click here to get started.
- Beware of phishing emails hitting your inbox. Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
- Keep an eye on your banking statements for any unusual transactions. If you see anything strange, notify your bank immediately.
- Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts.
- Check haveibeenpwned.com. Enter your email address into this online database to reveal which data breaches you might be involved in.
- Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
For some users, the breach news came too late, as hackers had already cleared out their DraftKings accounts. However, the company is working with law enforcement and has restored some amounts that were withdrawn.
“We promptly took steps to address these incidents, including initiating an internal investigation, requiring affected customers to reset their DraftKings passwords and implementing additional fraud alerts,” it explained.
Hundreds of national and local news sites hacked to push malware