Sensitive data belonging to FanDuel users was compromised in the recent MailChimp data breach, the sports betting site has told customers.
An email to FanDuel customers confirmed that their full names and email addresses had been obtained as a result of the MailChimp cyberattack and warned them to remain vigilant for potential phishing attacks.
“Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its customers like FanDuel that they had experienced a security vulnerability in their system that affected several of their customers,” reads a FanDuel ‘Notice of Third-Party Vendor Security Incident’ cited by BleepingComputer.
Passwords are safe
“Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were obtained by an unauthorized actor. No customer passwords, financial account information, or other personal information was obtained in this incident.”
Although FanDuel did not name the vendor in the report, it later confirmed to the media that it was referring to MailChimp.
The company also added that since this was not a breach of its own internal systems, sensitive information, including “passwords, financial account information or other personal information”, was not accessed.
While names and email addresses alone may not seem like much, they are enough for a phishing attack that can be far more damaging, costing people access to valuable accounts, private data, and possibly even money on their devices and endpoints. FanDuel is now warning its users to keep both eyes open:
“Remain vigilant against ‘phishing’ email attempts claiming a problem with your FanDuel account that requires personal or private information to resolve the issue,” the notification further states. “FanDuel will never email customers directly and ask for personal information to resolve a problem.”
FanDuel also urged its customers to update their passwords regularly and make sure those passwords are strong and not used on other platforms at the same time. In addition, it told everyone to activate multi-factor authentication (MFA) if they hadn’t already.
Via: BleepingComputer