IMGL Magazine January 2023

CYBER SECURITY

Getting up to speed with cyber security

As regulators rush to raise the cyber security bar, the industry has plenty of reasons to get ahead of the hackers, says Phil Savage

Recent high-profile instances of online sports betting companies being hacked and consumer data and funds being stolen have rattled consumers. The breaches have resulted in knees being jerked by operators, regulators and investors alike whilst trade bodies have commissioned reports and convened working groups to help tackle the problem. Cyber security is not a new challenge but there are new reasons to take it seriously.

A November cyber breach at DraftKings resulted in six-figure losses from customer accounts. The company played down the breach, saying that it had found “no evidence that DraftKings’ systems were breached” and that they had “identified less than US$300,000 of customer funds that were affected”.[1] However, the scale of unauthorized intrusions reported on social media led industry experts to question whether the number could be substantially higher. This fear turned to fact when DraftKings filed a data breach notification[2] with the Maine Attorney General’s office disclosing that the data of 67,995 people was exposed in the incident.

The company said the attackers obtained the credentials needed to log into the customers’ accounts from a non-DraftKings source. The filing said that hackers could have viewed multiple data points including the account holder’s name, address, phone number, email address, the last four digits of their payment card, profile photo, transaction details, account balance and the date of the last password change. They clarified there was currently no evidence that the attackers accessed Social Security numbers, driver’s license numbers or financial account numbers.

The attack was a so-called credential stuffing breach, where data obtained elsewhere was used speculatively to log in to DraftKings customer accounts. In this type of attack, actors use automated tools to make repeated attempts (up to millions at a time) to gain access to user accounts using credentials (commonly in user/password pairs) stolen from other online

[1] https://twitter.com/DK_Assist/status/1594769117894279168
[2] https://www.documentcloud.org/documents/23466375-experian_i7501_cooley-llp-draftkings_l01_sas_0
