Despite the group assuring that they have ‘seen no evidence that DraftKings’ systems were breached to obtain this information’, the group intends to reimburse customers for any stolen funds, noting it would ‘make whole any customer that was impacted’.
A site like DraftKings is an attractive target. The company pulls in a lot of money, reporting third-quarter revenue of $502 million – a 136 percent year-over-year increase – with $493 million being made in the company's B2C segment.
The information came via a Tweet on DraftKing’s Twitter account on Tuesday, and follows similar reports of compromised customer information via third-party websites.
BetMGM told ESPN that several fraudulent accounts were created on its sports betting app, noting that it was “aware of a potential incident and actively investigating”. One online payment processor for BetMGM and other gambling sites said it was assisting law enforcement with an investigation into “fraudulent accounts set up at unaffiliated third parties using stolen personal information”, it reports.
DraftKings has urged its customers to use unique passwords for its and all other sites, and to not share passwords with anyone, “including third party sites for the purposes of tracking betting information on DraftKings and other betting apps”.
The FBI in August issued an advisory about the threat of credential stuffing, noting that there are numerous publicly accessible websites that offer stolen credential for sale. The agency pointed to two sites that contained more than 300,000 unique sets of stolen credentials, had more than 175,000 registered customers, and had made more than $400,000 in sales.
DraftKings also saw the number of monthly unique paying customers grow 22 percent to 1.6 million, with the average revenue per customer reaching $100, a 114 percent increase
