| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- DraftKings experienced a software failure incident where customers' accounts were hacked, resulting in funds disappearing [135467].
- DraftKings acknowledged that some customers' login information was compromised on other websites and used to access their DraftKings accounts, affecting less than $300,000 of customer funds [135467].
(b) The software failure incident having happened again at multiple_organization:
- Multiple sports betting platforms, including DraftKings, FanDuel, and BetMGM, have seen increased unauthorized activity in accounts, with customers reporting being affected by hackers [135467].
- FanDuel also sent out an email warning customers of a hack impacting some other sports betting websites, indicating that the incident was not limited to a single platform [135467]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident reported in the articles is related to the design phase. The incident involved unauthorized access to sports betting accounts on multiple platforms, including DraftKings, resulting in funds disappearing. Hackers were able to access accounts by finding personal and banking information from the dark web or using compromised login information from other sites. DraftKings stated that the login information of affected customers was compromised on other websites and then used to access their accounts, indicating a design vulnerability in the system that allowed for such unauthorized access [135467].
(b) The software failure incident is also related to the operation phase. Despite some customers having two-factor authentication enabled, hackers were still able to change the account's phone numbers, redirecting the login codes to the hackers' phones. This indicates a failure in the operation or misuse of the system, where security measures like two-factor authentication were bypassed by the hackers, leading to unauthorized access to the accounts [135467]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: DraftKings reported that they believe the login information of the affected customers was compromised on other websites and then used to access their DraftKings accounts where the same login information was used. They stated that they have seen no evidence that DraftKings' systems were breached to obtain this information, indicating that the failure was due to factors originating from within the system [135467].
(b) outside_system: The article mentions that hackers were able to access accounts by finding personal and banking information to create an account on betting sites from the dark web or by using compromised login information from other sites. This indicates that the failure was also influenced by contributing factors originating from outside the system, such as compromised personal information and passwords [135467]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was primarily due to non-human actions, specifically hacking activities targeting sports betting platforms. The incident involved unauthorized access to customer accounts, resulting in funds disappearing and customers being locked out of their accounts. DraftKings stated that the login information of affected customers was compromised on other websites and then used to access their accounts, indicating that the breach was not a result of direct hacking into DraftKings' systems [135467].
(b) Human actions also played a role in this software failure incident as customers were advised to use unique passwords for DraftKings and all other sites, and not to share their passwords with anyone. Additionally, despite having two-factor authentication, hackers were able to change account phone numbers, allowing them to receive login codes on their own devices [135467]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the articles does not seem to be related to hardware issues. Instead, it is primarily focused on unauthorized access and hacking activities affecting multiple sports betting platforms [135467].
(b) The software failure incident is attributed to unauthorized access by hackers who exploited compromised login information from other websites to access customers' accounts on sports betting platforms. This indicates a failure in the software's security measures, allowing unauthorized access and fraudulent activities to occur [135467]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. The incident involved hackers targeting sports betting platforms, such as DraftKings, to gain unauthorized access to customer accounts and steal funds. The hackers used various methods, including obtaining personal and banking information from the dark web, using compromised login information from other sites, and bypassing two-factor authentication by changing account phone numbers to receive login codes on their own devices. This malicious activity resulted in customers being locked out of their accounts, experiencing unauthorized withdrawals, and facing challenges in reaching customer service for assistance. DraftKings and other platforms are actively investigating the hacking incidents and advising customers to use unique passwords and enhance security measures to protect their accounts from further breaches [135467]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident reported in the articles seems to be more related to poor decisions rather than accidental decisions. The incident involved unauthorized access to multiple sports betting platforms, resulting in funds disappearing from customer accounts. The hackers were able to commit fraud by finding personal and banking information from the dark web or using compromised login information from other sites to access betting accounts. Additionally, despite customers having two-factor authentication, hackers were still able to change account phone numbers, allowing them to intercept login codes. This indicates a failure in the platform's security measures and decision-making processes [135467]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident reported in the articles does not seem to be related to development incompetence. The incident was primarily attributed to hackers gaining unauthorized access to accounts by using compromised login information from other websites or the dark web. DraftKings stated that they did not believe their systems were breached to obtain this information, indicating that the failure was not due to incompetence in the development process [135467].
(b) The software failure incident reported in the articles appears to be accidental in nature. Customers' accounts were compromised due to hackers using login information obtained from other sources, rather than a direct breach of DraftKings' systems. DraftKings emphasized the importance of using unique passwords and not sharing them with third-party sites. Additionally, despite having two-factor authentication, hackers were able to change account phone numbers, leading to the code needed for login being sent to the hackers' phones. These aspects suggest that the incident was accidental rather than a result of intentional actions by the development organization [135467]. |
| Duration |
temporary |
(a) The software failure incident described in the articles seems to be more of a temporary nature rather than permanent. The incident involved unauthorized access to accounts on multiple sports betting platforms, resulting in funds disappearing and customers being locked out of their accounts. The platforms, such as DraftKings, FanDuel, and BetMGM, were actively investigating the matter and working on enhancing security measures to prevent further unauthorized access. DraftKings, for example, stated that they believed the login information of affected customers was compromised on other websites and used to access their accounts, rather than their own systems being breached. They also encouraged customers to use unique passwords and not share them with third-party sites. Additionally, DraftKings acknowledged the hacking reports and was investigating the issues, indicating a temporary nature of the software failure incident [135467]. |
| Behaviour |
omission, value, other |
(a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [135467].
(b) omission: The incident involves a failure where hackers were able to access accounts and make unauthorized withdrawals, indicating an omission in the system's security measures to prevent such unauthorized activities [135467].
(c) timing: The timing of the incident is not specifically mentioned as a factor in the software failure incident [135467].
(d) value: The software failure incident involves a failure where customers' funds were affected, indicating a failure in the system performing its intended functions correctly in terms of managing and safeguarding customer funds [135467].
(e) byzantine: The incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [135467].
(f) other: The software failure incident in the article involves unauthorized access to accounts, changes in account information, unauthorized withdrawals, and compromised customer data, which could be categorized as a security breach or a hack [135467]. |