Reports of numerous DraftKings accounts getting compromised

Collapse
X
 
  • Time
  • Show
Clear All
new posts

  • PD77
    replied
    Originally posted by OldBill
    oooo btw use pay pal no body can get your money becuse they do not know your pay pal password
    That’s just it, they were able to change your very insecure sms 2FA phone number, register their own debit card , make a $5 deposit and withdraw your balance to their debit card. And all this time I assumed stateside books had better account security than offshore. This is bush league right here.
    im thinking there was a leak of usernames/passwords by DraftKings and then a very organized group found a very clever way of draining all of these accounts overnight, no doubt they worked as a team.
    I will say at least draftkings is reimbursing the accounts and there is actual legal recourse as opposed to offshore. Still amateur hour by draftkings.

    Leave a comment:


  • OldBill
    replied
    Originally posted by OldBill
    lol just joined draft kings but i have double secret login get code on phone and no mfw would i use any 3 rd party to use to login my accoount but how da fawwwk they goona with draw my funds without my bank account info

    and i do not save my card at draft kings i always type in all digits exp date and cvv

    oooo btw use pay pal no body can get your money becuse they do not know your pay pal password

    Leave a comment:


  • OldBill
    replied
    lol just joined draft kings but i have double secret login get code on phone and no mfw would i use any 3 rd party to use to login my accoount but how da fawwwk they goona with draw my funds without my bank account info

    and i do not save my card at draft kings i always type in all digits exp date and cvv

    Leave a comment:


  • 2Sweeet
    replied
    It has nothing to with any of that Global Payments is the loop hole.

    Leave a comment:


  • bleedblue
    replied
    Originally posted by Optional
    I am skeptical by default when an issue comes up for reddit users that we are not seeing reported at many other places. I think users there often lie to be part of the drama as well.
    I would agree but I know first hand if someone who uses a password manager and doesn’t use bet tracking software…

    It has lead me to believe inside job as JJ said. DK might not be able to pinpoint who/where it came from, so of course they are pointing the finger elsewhere.

    I’m not an IT guy but if someone using a random zG17GJ!$7xPgT type password got hacked too, how does Draftkings’ story add up?

    Leave a comment:


  • infotimbo
    replied
    Originally posted by PD77
    how are these “hackers” withdrawing customer funds and doing it so quickly? I just assumed there would be steps in place to verify a new withdrawal option not previously used
    my understanding was that they deposited $5 with a new card and then were able to use it to withdraw the remaining balance.

    Leave a comment:


  • PD77
    replied
    I registered an account at draft kings when I was in Tennessee earlier this year, was not able to fund it due to my debit card but I did receive the email from Draft Kings at 3 AM this morning. Couple of questions, do they only offer sms for 2FA? If so, that’s not good at all, they should at least offer Google Authenticator in addition to sms. Second question, how are these “hackers” withdrawing customer funds and doing it so quickly? I just assumed there would be steps in place to verify a new withdrawal option not previously used. Thanks!

    Leave a comment:


  • Optional
    replied
    I am skeptical by default when an issue comes up for reddit users that we are not seeing reported at many other places. I think users there often lie to be part of the drama as well.

    Leave a comment:


  • infotimbo
    replied
    Originally posted by Optional
    I dont agree it must be at draftkings end.
    I was just referring to the Reddit posts there. For example:

    - "Mine was hacked Sunday between the noon and 3PM NFL games. Had a unique password for DK. [...] DK's statement implies this hack comes as a result of bettors using other sites to track their winnings (Action Network, etc.) but I have never done so."

    Some also they that the hackers got around the 2FA (which afaik requires a phone verification):

    - "Couldn’t tell you how they did it but I had 2FA set to my phone number."
    - "They got me, bypassed 2FA, cleaned out my account, and changed my phone number."


    Obivously, I don't know how reliable those users are either. But going by the number of poeple posting stuff like that, I don't think DK's statement matches the reported experiences at all.

    Leave a comment:


  • OldBill
    replied
    i have double safety logins on all accounts no body can get in unless they have my phone that gets a 6 digit pass code only good for 10 minutes and if not in my state they are dead to because of geolocation impossible to play in my account even i told them pass code and everything else because they know if your using VPN to block your IP address

    Leave a comment:


  • Optional
    replied
    Originally posted by infotimbo
    some of the people commenting on Reddit say that they used unique passwords, no additional tools, and still were affected. So, if true, the breach must have happened at DraftKings themselves.
    I dont agree it must be at draftkings end.

    Draftkings allude to it being a third party site where people enter their DK login/passwords.

    "do not share your login info with third party sites for the purpose of tracking betting info".


    And so far that explanation matches the reported experiences people are describing.

    Not a big surprise a chunk of Reddit users would all get caught up doing that. Advice on SBR would have been to avoid that for sure.

    Leave a comment:


  • infotimbo
    replied
    some of the people commenting on Reddit say that they used unique passwords, no additional tools, and still were affected. So, if true, the breach must have happened at DraftKings themselves.

    Leave a comment:


  • infotimbo
    replied
    no idea, maybe. Could basically be every site, I guess (although likely US based), as most users use the same login credentials for all accounts anyway. The "hackers" just need to find one site without a proper device/ip based security system then, and it sounds like DraftKings was an easy target in that regard.

    Leave a comment:


  • Optional
    replied
    Sounds like it might be through some sort of bet tracking site where you give them your login??


    Leave a comment:


  • pologq
    replied
    very scary

    draft kings has a buggy app and now the security sucks donkey nuts

    fanduel i am a little more surprised

    Leave a comment:


  • jjgold
    replied
    Scary stuff

    inside jobs for sure

    Leave a comment:


  • Reports of numerous DraftKings accounts getting compromised

    According to reports on Twitter and Reddit, there has been a widespread attack on DraftKings accounts (but others, including FanDuel affected as well) over the weekend, leading to people getting locked out of their accounts and available balances getting withdrawn (or at least attempts to).



    DraftKings has confirmed that it happened, but says the data breach was not on their side:



    So far the exact origin seems to be unknown indeed, but by the look of it, somehow people got access to loads of login credentials.

    So I guess especially everyone using the same login/password on various sites should be careful now, change them, and enable 2FA, if possible.
SBR Contests
Collapse
Top-Rated US Sportsbooks
Collapse
Working...