Credential Stuffing Attack Targets DraftKings Users

The sports gambling company DraftKings has been targeted by a credential stuffing campaign where attackers used stolen logins from other data breaches. While the company found no evidence its own systems were breached, unauthorized access to some user accounts may have exposed data like names, addresses, and transaction details. In response, DraftKings is forcing password resets for affected users and has implemented additional security safeguards. The incident was contained quickly, but it underscores the risks of password reuse across different services. All users are strongly urged to reset their passwords and enable multi-factor authentication to protect their accounts.

Latest mentioned: 10-08

Earliest mentioned: 10-07

Sources

bleepingcomputer.com securityaffairs.com cybersum.net

Also Read

Beast Ransomware Emerges as Major Cyber Threat

Beast ransomware, a sophisticated Ransomware-as-a-Service (RaaS) operation, has emerged as a significant cybersecurity threat. It employs aggressive network propagation tactics using SMB port scanning to infiltrate and encrypt systems across enterprise environments. The ransomware has targeted organizations worldwide since July 2025, affecting diverse sectors including manufacturing, healthcare, and education. It uses phishing campaigns and the Vidar Infostealer to gain initial access. The malware includes geofencing logic to exclude certain regions, suggesting connections to specific geographical areas. It utilizes the ChaCha20 algorithm for encryption and includes a hidden GUI for manual control. Organizations must prioritize preventive measures and early detection capabilities to defend against this threat.

10-29Read more →