Weeks after thousands of DraftKings customers fell victim to a comprehensive data breach on the weekend before Thanksgiving, the company provided additional details about a massive cyberattack that has rocked the sports betting industry.
In many respects, DraftKings identified a method of intrusion that cyber experts suspected from the outset. According to a data breach notification filed with the Maine Attorney General’s Office, DraftKings spotted a host of suspicious log-ins to certain accounts indicative of a technique known as “credential stuffing.”
A breach carried out through credential stuffing typically occurs when a hacker uses log-in credentials from third-party sites to gain access to a user’s account.
