On October 15th, I received two emails confirming withdrawal requests. One was for an even amount, the second for the remaining balance. I then had a third email confirming a 3 day self exclude. Seeing this, I immediately contacted support and told them my account has been compromised and to please freeze the account and cancel all withdrawals immediately. Right when I saw the emails, I tried changing my password. I was unable to access my account at all. I tried doing “forgot password” to send a link to my email many times and not once did I get that email allowing me to regain control of my account.. It is now two days later and many tries to regain control of the account and I have yet to receive a single email allowing me to reset my password.
The email I received from support:
This is Bradley, on behalf of the accounts team here at FanDuel. Please read this entire email and respond accordingly.
In doing our audits of accounts we detected that someone guessed your password and accessed your account (likely from a breached email list on another website where the password was the same as your FanDuel account). We previously refused (or refunded) the attempted withdrawal back to your account. This can be seen in your transaction history here:
We simply would like to quickly resolve the issue so that you can get back to enjoying FanDuel.
You will need to do a manual password reset, and enter a new password that is unique to your FanDuel account, before logging into your account next time. This can be done from the log-in page by selecting the “Forgot your password?” link below the log-in area, which is located here:
Additionally, you will need to update your W8/W9 form with your information. You can find that form here:
We also suggest you enable two factor authentication here:
PLEASE CONFIRM BY REPLYING HERE once you’ve reset your password and updated your W8/W9 information!
Please don’t hesitate to reach out if you have any questions.
I then emailed Bradley back (nearly 24hr ago now) telling him that the link he provided to change my password also did not work. I have still received no emails allowing me to regain access to my account.
Since he has not responded, I went to the FD site to check on the support ticket to be sure my prior emails had gone through (unanswered for a long period) . It prompts me to log in with my login info saved. I assumed it would not work, but to my surprise, it allows me to log in. I then see my balance is yet again at zero, so I go to the transactions page, and there is a withdrawal processed for the full amount of my account.
At no point have I been able to reset my password or regain control of my account and for some reason they decided to unfreeze my account and allow this person to have another chance at stealing all the money in my account?
I then call them, which goes straight to voicemail. I receive no response there either. Now, I bring up the support chat on the site and this is how that conversation goes down..
Hi, thanks for contacting FanDuel Support.
2 days ago someone hacked my account and attempted to withdraw money
spoke to support and they confirmed such and froze my account
Let me take a look into this for you.
for 2 straight days i have not been able to get the password reset to work. the function does not work on the site
you never send the email
Your account under jkidd1084 right?
i told them this and i have gotten no response in nearly 24hr now
xxxxxxx is the email, is this correct?
so i go to check the help desk on the site
and the saved login info now works
account balance is zero
go to transactions and you allowed a full withdrawal
so clearly you did not freeze my account like you said you did when you KNEW IT WAS COMPROMISED
I can follow up with a new password reset link.
i have tried 10 times now for 2 days, it never sends the email
so i have not been able to secure my account, which is why it was to be frozen
We did freeze your account and reviewed everything and reactivated your account.
i told you someone had hacked my account
and was never able to change my password
why would you ever unfreeze a hacked account before the owner of it is even able to change the password on it?
I can follow up with a unique password reset link via email.
please cancel all withdrawals IMMEDIATELY
this is insane
I just did this.
I can follow up with a unique password reset link.
Is there anything else you need help with?
i’d like you to stay on here
until i can regain control of my account
since you are completely incapable of securing an account
i have still not received anything to reset my password
I am not sure what you are referring to sir, I just got in touch with you.
I can only send this link via email.
and i am telling you that something is wrong with your system
because i have not gotten these password reset emails for 2 straight days now
i’ve gone through the site, i’ve gone through links support sends me
nothing sends the email
and no, its not in a spam folder, or any other folder
I understand this sir, and you have access to this email – xxxxxxxxx?
Sure, I can follow up via email once this chat is over.
and i have received zero emails despite my many many requests to change my password. the account was hacked DAYS AGO and you have done nothing to help me secure it. You’ve in fact done the complete opposite and unfroze it and allowed the hacker to withdraw my money AGAIN
I can understand your frustration sir. I can follow up with an email to help you reset your password.
thats what i was doing with someone
and he has since not responded for almost 24hr
as people continue to steal my money
your security should have your business shut down. you have no ability to protect your customers funds
I cancelled your withdrawal. If you would feel more safe I can suspend your account again and send you through the ATO process again.
what ATO process? Again?? I didn’t go through a process man. the previous support guy has ghosted me and you reopened my account without me even being able to change my god damn password, allowing the hacker to withdraw my money AGAIN. Yes, freeze my god damn account until I am able to secure it.
So yea, they confirm someone hacked my account, cancelled the withdrawals and froze my account, then failed to allow me to regain control of it while they mysteriously reopened the account, allowing them to withdraw my funds yet again. They didn’t even flag the withdrawal at all, just processed it, no problem.
Felt it was necessary to post, as this is some of the worst security I have ever witnessed on a site that is holding actual funds for people. Extremely alarming.
FWIW I have STILL not been assisted in changing my password to regain access and to secure my account and it is now been multiple days.