That’s just it, they were able to change your very insecure sms 2FA phone number, register their own debit card , make a $5 deposit and withdraw your balance to their debit card. And all this time I assumed stateside books had better account security than offshore. This is bush league right here.
im thinking there was a leak of usernames/passwords by DraftKings and then a very organized group found a very clever way of draining all of these accounts overnight, no doubt they worked as a team.
I will say at least draftkings is reimbursing the accounts and there is actual legal recourse as opposed to offshore. Still amateur hour by draftkings.
-
-
lol just joined draft kings but i have double secret login get code on phone and no mfw would i use any 3 rd party to use to login my accoount but how da fawwwk they goona with draw my funds without my bank account info
and i do not save my card at draft kings i always type in all digits exp date and cvvLeave a comment:
-
It has nothing to with any of that Global Payments is the loop hole.Leave a comment:
-
I would agree but I know first hand if someone who uses a password manager and doesn’t use bet tracking software…
It has lead me to believe inside job as JJ said. DK might not be able to pinpoint who/where it came from, so of course they are pointing the finger elsewhere.
I’m not an IT guy but if someone using a random zG17GJ!$7xPgT type password got hacked too, how does Draftkings’ story add up?Leave a comment:
-
-
I registered an account at draft kings when I was in Tennessee earlier this year, was not able to fund it due to my debit card but I did receive the email from Draft Kings at 3 AM this morning. Couple of questions, do they only offer sms for 2FA? If so, that’s not good at all, they should at least offer Google Authenticator in addition to sms. Second question, how are these “hackers” withdrawing customer funds and doing it so quickly? I just assumed there would be steps in place to verify a new withdrawal option not previously used. Thanks!Leave a comment:
-
I am skeptical by default when an issue comes up for reddit users that we are not seeing reported at many other places. I think users there often lie to be part of the drama as well.Leave a comment:
-
I was just referring to the Reddit posts there. For example:
- "Mine was hacked Sunday between the noon and 3PM NFL games. Had a unique password for DK. [...] DK's statement implies this hack comes as a result of bettors using other sites to track their winnings (Action Network, etc.) but I have never done so."
Some also they that the hackers got around the 2FA (which afaik requires a phone verification):
- "Couldn’t tell you how they did it but I had 2FA set to my phone number."
- "They got me, bypassed 2FA, cleaned out my account, and changed my phone number."
Obivously, I don't know how reliable those users are either. But going by the number of poeple posting stuff like that, I don't think DK's statement matches the reported experiences at all.Leave a comment:
-
i have double safety logins on all accounts no body can get in unless they have my phone that gets a 6 digit pass code only good for 10 minutes and if not in my state they are dead to because of geolocation impossible to play in my account even i told them pass code and everything else because they know if your using VPN to block your IP addressLeave a comment:
-
I dont agree it must be at draftkings end.
Draftkings allude to it being a third party site where people enter their DK login/passwords.
"do not share your login info with third party sites for the purpose of tracking betting info".
And so far that explanation matches the reported experiences people are describing.
Not a big surprise a chunk of Reddit users would all get caught up doing that. Advice on SBR would have been to avoid that for sure.Leave a comment:
-
some of the people commenting on Reddit say that they used unique passwords, no additional tools, and still were affected. So, if true, the breach must have happened at DraftKings themselves.Leave a comment:
-
no idea, maybe. Could basically be every site, I guess (although likely US based), as most users use the same login credentials for all accounts anyway. The "hackers" just need to find one site without a proper device/ip based security system then, and it sounds like DraftKings was an easy target in that regard.Leave a comment:
-
Sounds like it might be through some sort of bet tracking site where you give them your login??
Leave a comment:
-
very scary
draft kings has a buggy app and now the security sucks donkey nuts
fanduel i am a little more surprisedLeave a comment:
-
Reports of numerous DraftKings accounts getting compromised
According to reports on Twitter and Reddit, there has been a widespread attack on DraftKings accounts (but others, including FanDuel affected as well) over the weekend, leading to people getting locked out of their accounts and available balances getting withdrawn (or at least attempts to).
DraftKings has confirmed that it happened, but says the data breach was not on their side:
So far the exact origin seems to be unknown indeed, but by the look of it, somehow people got access to loads of login credentials.
So I guess especially everyone using the same login/password on various sites should be careful now, change them, and enable 2FA, if possible.
Leave a comment: