Sensitive data belonging to the FanDuel users was compromised in the recent MailChimp data breach, the sports betting site has told customers.
An email sent to FanDuel customers confirmed their full names and email addresses were accessed as a consequence of the MailChimp cyberattack, and warned them to stay vigilant against potential phishing attacks.
“Recently, we were informed by a third-party technology vendor that sends transactional emails on behalf of its clients like FanDuel that they had experienced a security breach within their system that impacted several of their clients,” BleepingComputer cited a FanDuel ‘Notice of Third-Party Vendor Security Incident’.
Passwords are safe
“On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor. No customer passwords, financial account information, or other personal information was acquired in this incident.”
While FanDuel did not name the vendor in the notification, it later confirmed to the media that it was referring to MailChimp.
The company also added that as this was not a breach of its own internal systems, sensitive information including “passwords, financial account information, or other personal information” was not accessed.
While just getting people’s names and emails might not be much, it’s enough for a phishing attack which could be more devastating, and could result in people losing access to valuable accounts, private data, and possibly even money from their devices and endpoints (opens in new tab). Now, FanDuel is warning its users to keep both eyes open:
“Remain vigilant against email “phishing” attempts claiming an issue with your FanDuel account that requires providing personal or private information to resolve the problem,” the notification further claims. “FanDuel will never email customers directly and request personal information to resolve an issue.”
FanDuel also urged its customers to regularly update their passwords, and to make sure those passwords are strong and not used on other platforms at the same time. Furthermore, it told everyone to activate multi-factor authentication (MFA) if they haven’t already done so.
Via: BleepingComputer (opens in new tab)