The sports betting site has told customers that sensitive data belonging to FanDuel users was leaked in the recent MailChimp data breach.
An email sent to FanDuel customers confirmed that their full names and email addresses were accessed as a result of the MailChimp cyberattack and warned them to be on the lookout for potential phishing attacks.
“Recently, we were notified by a third-party technology vendor of transactional emails sent on behalf of customers such as FanDuel, stating that their systems had experienced a security breach that affected several of their customers,” Beep computer Refers to FanDuel’s “Third Party Vendor Security Incident Notification.”
password is safe
“Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were obtained by unauthorized actors. No customer passwords, financial account information or other personal information was obtained in this incident.”
While FanDuel did not name the vendor in the notice, it later confirmed to the media that it was referring to MailChimp.
The company added that since it was not a breach of its internal systems, no sensitive information including “passwords, financial account information or other personal information” was accessed.
While just getting people’s names and emails may not be much, it’s enough to carry out a phishing attack, which can be more damaging and can leave people without access to valuable accounts, private data, and possibly even data from their Access funds in devices and endpoints (opens in a new tab). Now, FanDuel is warning its users to keep their eyes open:
“Be vigilant for email ‘phishing’ attempts claiming that there is a problem with your FanDuel account and that personal or private information is required to resolve the problem,” the notice further states. “FanDuel will never email customers directly and ask for personal information to resolve a problem.”
FanDuel also urges its customers to regularly update their passwords and to ensure that these passwords are kept secure and not concurrently used on other platforms. Additionally, it tells everyone to activate multi-factor authentication (MFA) if they haven’t already.
pass: Beep computer (opens in a new tab)