Late last year, an 18-year-old hacker brought in some accomplices to hack 1,600 DraftKings accounts of $600,000. A court document, first mentioned on CNBC, alleged that Joseph Garrison broke into accounts of an unnamed sports betting/fantasy sports website, since confirmed as DraftKings, according to LSR.
Here is DraftKings’ statement:
“The safety and security of our customers’ personal and payment information is of paramount importance to DraftKings. We worked with law enforcement in catching the alleged bad actor(s), and we want to thank the Department of Justice, including the FBI and U.S. Attorney, Southern District of New York, for their prompt and effective action.
“As we stated previously, bad actor(s) were able [to] use login credentials obtained from a third-party source to gain access to certain user accounts. When the identified credential stuffing incident occurred in November 2022, DraftKings provided notice to customers in relevant jurisdictions and restored amounts for a limited number of users who may have had funds improperly withdrawn from their accounts.”
Garrison also held an impromptu education session on how to withdraw funds from stolen accounts. Under the process as laid out by the mastermind, buyers entered their own phone number into an account to enable two-factor authentication, deposited a small amount to verify a bank account and then withdrew the funds to that account.
Unfortunately for Garrison and his conspirators, both DraftKings and undercover agents bought some of the accounts.
Garrison is being charged with six federal crimes:
- Conspiracy to Commit Computer Intrusions
- Computer Fraud – Unauthorized Access to a Protected Computer to Further Intended Fraud
- Computer Fraud – Unauthorized Access to a Protected Computer
- Wire Fraud Conspiracy
- Wire Fraud
- Aggravated Identity Theft
The DraftKings hack was one of many such attacks on sportsbook operators in 2022.
FanDuel was hit during the same November attack, ESPN said. But the hack failed for all intent. “Our security did its job,” said a spokesman.
Fake poker accounts were established in the name of prominent poker players, also in November, with accounts being opened at BetMGM, ESPN also reported.
And, If being hacked wasn’t enough, DraftKings awaits a penalty from the Massachusetts Gaming Commission (MGC) for accepting over 800 unapproved tennis bets.
The UTR Pro Series is kind of like the AAA level of baseball. The event takes place around the globe with players, some ranked. In March, DraftKings took more than $7,000 in bets on the competition on three events. The problem was, UTR is not an approved sporting event in Massachusetts, according to PlayMA.com.
DraftKings self-reported the violation, the operator’s first for noncompliance, but they will still be fined after a future ruling is delivered
They took 864 bets on three UTR Pro Series tennis events from March 10-22, 2023. Total handle came out to be $7,867.
- Barcelona, Spain UTR Pro Series event: 68 bets totaling $965.47
- Newport Beach, California: 22 bets totaling $589.41
- Tigray, Argentina: 774 bets totaling $6,312.12
According to a report from the Investigations and Enforcement Bureau of the MGC, DraftKings lays blame on an internal miscommunication between trading and compliance teams.
All wagers were voided, and stakes returned to both winners and losers.
The MGC has yet to issue decisions on prior alleged non-compliance involving Encore Boston Harbor casino and WynnBET, or on illegal bets offered by Plainridge Park Casino. Both incidents involved the offering of bets on in-state college teams, As far as DraftKings, the commission will wait until a hearing is held.
