FanDuel Sportsbook Bettors Exposed in Mailchimp Breach

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

Dark Reading Staff, Dark Reading

January 23, 2023

1 Min Read
Online gamblers reacting to laptop
Source: Andrea De Martin via Alamy Stock Photo

The FanDuel online sportsbook has told its users to be on the lookout for phishing cyberattacks in the wake of a breach of its email marketing contractor, Mailchimp.

Mailchimp announced its systems were breached on Jan. 11 using stolen employee credentials, allowing threat actors to access 133 accounts on the email marketing platform. One of those compromised accounts was FanDuel, according to an email sent to users and made public by security researcher Graham Cluley, who identified the breached company as Mailchimp.

"On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor," the FanDuel email said.

Cluley pointed out that although nothing more than emails and names were exposed, that's plenty of information for threat actors to launch future phishing attacks.

"I would recommend that FanDuel customers be on their guard and — if they haven't already done so — enable two-factor authentication on their FanDuel accounts," Cluley wrote in his blog post about the FanDuel email to customers. "It was kind of FanDuel, in its notification to affected customers, not to mention Mailchimp as the company."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights