After a Vendor Hack, FanDuel Warns of a Data Breach

FanDuel has issued a warning to make customers aware of the cyber attack in which personal information like passwords was compromised.


A security breach has been detected at FanDuel's sportsbook and betting site, which exposed customers' names, email addresses, and payment information. This occurred in January 2023, when MailChimp's security was breached. A security advisory urges users to be wary of phishing emails and stay vigilant against them. 

An employee's credentials were stolen by hackers using a social engineering attack on MailChimp's website on January 13th, according to an announcement from the company. 

The threat actors used these credentials to log in to an internal MailChimp tool, access customer support and administration information, and steal the "audience data" of 133 users.

Audience data differs from one MailChimp customer to another. Generally, however, it contains the names and email addresses of customers, or potential customers, who receive marketing emails about the products and services they are interested in.

In the wake of the MailChimp breach, FanDuel emailed its customers last Thursday to inform them that they had been the victims of a cyberattack.

An outside technology vendor that sends transactional emails on behalf of clients such as FanDuel informed FanDuel by email that it had recently experienced a security breach within its system that affected several of its clients, reads a report published by FanDuel titled 'Notice of Third-Party Vendor Security Incident.'

FanDuel's vendor confirmed on Sunday evening that unauthorized individuals gained access to the names and email addresses of customers registered on FanDuel's site. No passwords for individual accounts or financial information were leaked in this incident. 

According to FanDuel, the incident was not a breach of its servers or of the personal information of FanDuel users, and the hackers did not acquire any "passwords, financial account information, or other sensitive information" as a result of the breach.

Even though the notification to BleepingComputer did not specify which third-party vendor had been breached, FanDuel has since confirmed to the outlet that MailChimp was the source of the breach.

As a result of the recent data breach, FanDuel is encouraging its customers to "remain vigilant" against phishing attacks and attempts to take over their accounts.

A FanDuel security incident email warns, "Be aware that emails that claim to be from FanDuel may pose a problem with your account that requires you to provide unique or personal information to resolve it." People should remain vigilant against email "phishing" attempts. 

FanDuel will never email customers directly to ask for personal information in order to resolve a dispute.

As well as reminding customers of the importance of updating their passwords frequently, FanDuel wants customers to enable multi-factor authentication (MFA) on their accounts and to avoid clicking on links in password reset attempts that they did not initiate.

The stolen MailChimp data has not yet been used in an attack. There are no indications that it will be used in such an attack. However, in the past, malicious actors have abused this type of stolen data in phishing attacks. 

There was a security breach of MailChimp in April 2022, which led to threat actors stealing marketing email data for the Trezor smart wallet, a hardware wallet.  

This data was then used in a phishing campaign to steal cryptocurrency wallets. In this campaign, fake data breach notifications were used to push malicious software.

Furthermore, FanDuel accounts are increasingly becoming a target of credential stuffing attacks, with threat actors actively targeting customers' accounts through this method [1,2,3].

These accounts sell on cybercrime marketplaces for as little as $2 or as much as $7, depending on the account's balance or the payment information linked to it.

Enabling multi-factor authentication with an authentication app on your FanDuel account makes the account more difficult to steal, even if an attacker gains access to your credentials.

Many account compromises occur because the same login credentials are used on other sites, which are then compromised and have their user data stolen. Once these credentials have been obtained, a threat actor uses them to log in to other websites and attempt to access the accounts there.

For this reason, you should use a password manager to store all your passwords. You should also create a unique password for every site where you log in. This will ensure that a breach on one website does not affect you on another.