FanDuel says user data may have been stolen in recent MailChimp breach
Sensitive data belonging to FanDuel users was compromised in the recent MailChimp data breach, the sports betting site has informed customers.
An email sent to FanDuel customers confirmed their full names and email addresses were accessed as a result of the MailChimp cyber attack, and warned them to be on the alert for phishing attacks. potential.
“We were recently notified by a third-party technology provider that emailed transactions on behalf of their customers such as FanDuel that they had encountered a security vulnerability in their systems that affected them. to some of their customers,” BleepingComputer cited FanDuel’s ‘Third Party Provider Security Incident Notice’.
“On Sunday evening, the supplier confirmed that the FanDuel customer’s name and email address was obtained by an unauthorized actor. No passwords, financial account information or other personal information were available. from the customer was obtained in this incident.”
Although FanDuel did not name the vendor in the announcement, FanDuel later confirmed to the media that they were referring to MailChimp.
The company also added that because this was not a breach of its own internal systems, sensitive information including “passwords, financial account information or other personal information” was not accessed. .
While just getting people’s names and emails might not be much, it’s enough for a phishing attack that could be more devastating and could cause people to lose access to valuable accounts, data. individuals and possibly even money from their devices and final point (opens in a new tab). Now, FanDuel is warning its users to stay awake:
“Be wary of ‘phishing’ attempts to email a problem with your FanDuel account asking for personal or private information to resolve the issue,” the announcement continued. “FanDuel will never email a customer directly and ask for personal information to resolve an issue.”
FanDuel also urges its customers to regularly update their passwords and ensure that those passwords are strong and are not used simultaneously on other platforms. Furthermore, it requires people to enable multi-factor authentication (MFA) if they have not already done so.
Via: BleepingComputer (opens in a new tab)