BetMGM and DraftKings Data Breach
Share this:
MGM Resorts, earlier this year, suffered 142 million customer records leaked on Telegram from the 2020 breach; BetMGM, an online casino owned by MGM Resorts, is the latest to suffer a data breach.
The data breach resulted in the leaning of data of 1.57 million of its customers. The attacker placed the stolen database up for sale the same day on BreachedForums.
BetMGM confirmed the attack by posting a statement on its website on the same date, i.e., December 21st, 2022. The statement revealed that the hackers gained unauthorized access to its system and stole patron records and suspected the breach would have happened in May 2022.
The attacker claimed the database contained records dating from November belonging to every customer who had placed a casino wager. The message was posted on December 21st, 2022. The hacker also shared data samples. But it’s not clear that how much they demanded to sell the database.
Customers PII were stolen, but there were no evidences of passwords being accessed. Still BetMGM urges its customers to change passwords and has promised to offer impacted customers free identity restoration and credit monitoring services for up to two years.
DraftKings has suffered a data breach resulting in loss of private data of 68,000 customers. It became a victim of a credential stuffing attack where the attackers used previously leaked credentials to access to’ user accounts’ and steal personal data.
The hackers also withdrew funds from victims’ accounts. It has been confirmed by the founders that the attackers stole $300,000 from victims’ accounts. The incident occurred in November.
DraftKings stated that it would restore the stolen funds and sent notification letters to affected customers on Friday, informing them about the leaking of their data.
Based on our investigation to date, we believe that attackers may have previously gained access to your username or email address and password from a non-DraftKings source and then used those credentials to access your DraftKings account.
DraftKings Statement
Customers PII were stolen, but there is no evidence that hackers stole Social Security Numbers, financial account numbers, and driver’s license numbers. DraftKings urged customers to change their account credentials and reset passwords immediately.
