
To hear our podcast click here
Howard: I want to start with news of the theft of money from subscribers to the DraftKings fantasy sports betting site. DraftKings is an American-based sport and casino betting site available in several countries. On Monday (Nov. 21), there were news reports of users noticing funds had been withdrawn from their accounts. One person told a reporter that his email was spam around the same time.
The company told reporters that some US$300,000 was withdrawn without permission from user accounts. An official said the company’s IT systems weren’t compromised. So, it believes victims weren’t careful creating separate usernames and passwords for DraftKings. Their credentials were used elsewhere, stolen by crooks who then successfully used them on the DraftKings site.
Terry, if true, this is another example of people being careless.
Terry Cutler: This is a case of people who don’t want to deal with cyber security until it’s too late. It would have affected all users if this were a problem with the DraftKing site. We’re dealing with about five percent of their user base [affected] because they’re worth $6.5 billion.
This is classic password reuse [problem]. If these folks were cyber-educated, they would have turned on two-step verification. Ironically, [competing site] Fan Duel tweeted around the same time, saying, “Make sure you change your passwords and then set up two-step verification,” because someone was trying to hack their accounts. Interestingly, this is the perfect example of an unrelated third party advising there’s a problem. If you’re dealing with money, turn on your two-step verification.