DraftKings and FanDuel Cyberattacks: FBI Investigating

Posted on: December 5, 2022, 10:48h. 

Last updated on: December 5, 2022, 11:20h.

The FBI is investigating a recent spate of cybercrime at leading US sportsbooks, including DraftKings and FanDuel, an “industry source” has told ESPN. That’s after the attacks proved to be more sophisticated than first thought.

DraftKings hack
Sophisticated hackers are targeting gamblers online, and may be doing reputational harm to sportsbooks in the fledgling US markets. (Image: iStock/Getty)

DraftKings acknowledged two weeks ago that the login details of some of its customers had been compromised, and that hackers had been able to withdraw funds from customer accounts. The revelation caused shares in the sportsbook to fall 5% on the Nasdaq, investors fearing a drop-off in consumer confidence.

DraftKings denied its system had been breached. It said it believed the customer login details had been found elsewhere on the internet, and that no more than $300K had been stolen in total.

All affected customers would be reimbursed fully, the company added, though some bettors told ESPN last week they had not yet seen their balances reinstated.

Sportsbooks Hypervigilant

DraftKings and FanDuel said the fraudulent activity began occurring on or around November 19. Using stolen credentials, hackers were able to make deposits from bank accounts linked to sportsbook accounts.

The funds were then quickly withdrawn into digital wallets, presumably fraudulently set up in the victims’ names.

FanDuel told ESPN it was still detecting fraudulent activity late last week and had established a task force to tackle the problem.

The hacks have led sports books to become hypervigilant of anything that could constitute suspicious behavior. This has resulted in delays, locked accounts, and increased customer frustration.

News of the attacks came amid reports that members of the poker community have been targeted by hackers using a similar ploy.

Poker Players Hit

Dozens of players reported on social media that they had fallen victim to the scam last month. It typically involved someone fraudulently opening an account on BetMGM in a victim’s name using bogus credentials. That’s before transferring thousands from their bank accounts using a service offered by Global Payments Gaming (GPG) called “VIP Preferred.”

VIP Preferred allows users to deposit funds at numerous online gaming sites, and even land-based casinos, without having to go through the usual strict security checks. That’s provided the user has undergone a more stringent age verification process on another site that uses GPG and that they have a good history of previous transactions.

And so, all the scammers needed to access the players’ bank accounts were rudimentary credentials like a name, address, and the last four digits of a social security number.

Once the funds were transferred to BetMGM, they were quickly withdrawn into a Venmo account controlled by the hacker.

It’s not clear whether this is the exact method that was used to defraud DraftKings and FanDuel customers, or whether these crimes were in any way related.