FanDuel, a popular sports betting site, sent an email warning to its customers last night about a data breach incident caused by one of its third-party vendors.
While it didn’t name the vendor, we linked the incident to MailChimp, which disclosed a data breach last week that affected several of its customers. FanDuel asked its users to remain vigilant about potential cyberattacks and to change their passwords to secure their accounts.
An Indirect Data Breach at FanDuel
With millions of active users every month, FanDuel is a fairly popular online sportsbook platform that manages regulated betting on several sports. Its accounts are valuable enough that hackers often target them with credential stuffing attacks and sell the stolen accounts on dark web marketplaces.
An indirect data breach has now prompted FanDuel to send its users strongly worded warning emails. Under the subject line “Notice of Third-Party Vendor Security Incident”, FanDuel emailed its users last night, asking them to stay cautious.
The cause is one of its third-party vendors, which suffered a data breach last week that affected several of its customers, FanDuel among them. Though FanDuel didn’t name the vendor, BleepingComputer confirmed it to be MailChimp.
On January 13th, MailChimp disclosed a data breach triggered by a social engineering attack on one of its employees, whose account credentials were stolen and used to access the sensitive data of some of MailChimp’s customers.
Citing this, FanDuel asked its users to stay vigilant for potential cyberattacks that impersonate the FanDuel brand and ask for sensitive information or money. It said:
“FanDuel will never email customers directly and request personal information to resolve an issue.”
Assuring users that no financial, password, or other key information was affected in this incident, FanDuel asked them to update their passwords frequently, enable multi-factor authentication (MFA) on their accounts, and not click on links in password reset attempts that they did not initiate.