The FanDuel online sportsbook has told its users to be on the lookout for phishing cyberattacks in the wake of a breach of its email marketing contractor, Mailchimp.
Mailchimp announced that its systems were breached on Jan. 11 by threat actors using stolen employee credentials, which allowed them to access 133 accounts on the email marketing platform. One of those compromised accounts was FanDuel's, according to an email sent to users and made public by security researcher Graham Cluley, who identified the breached company as Mailchimp.
“On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor,” the FanDuel email said.
Cluley pointed out that although nothing more than email addresses and names were exposed, that’s plenty of information for threat actors to launch future phishing attacks.
“I would recommend that FanDuel customers be on their guard and — if they haven’t already done so — enable two-factor authentication on their FanDuel accounts,” Cluley wrote in his blog post about the FanDuel email to customers. “It was kind of FanDuel, in its notification to affected customers, not to mention Mailchimp as the company.”