A hockey goalie holding a baby next to a box with the Draft Kings logo on its side

According to new information, tens of thousands of users happily gambling away on DraftKings may have had their personal information stolen due to account info purchased off the sports gambling site.

In a letter dated Dec. 16 that was apparently sent to users that was first reported by BleepingComputer, the company said 67,995 people had their personal details exposed to hackers, adding to the financial hit some accounts experienced in a brute-force hacking attack

Users could have had their names, addresses, phone numbers, and email addresses recorded during the hack. The profile photo, balance, and last four digits of the payment card could have been accessed by the hackers. The CVV code and expiration date are not on the main account page.

The company provided formal notice of the credential stuffing attacks to certain customers in certain countries. The lost amounts have been restored to all users. There is no evidence that user logins came from inside Draft Kings.

According to reports from the time, users were angry with the company after they saw their accounts being stripped of funds. Users tried to get responses from DraftKings support channels as they were gloating about their robbery.

The company said less than $300,000 was taken from user accounts. Liberman said in a statement that they would make any affected customers whole. The company said it had changed the passwords.

BleepingComputer said that an unknown person or persons had been selling the accounts with notes on their deposit balances for $10 to $35 a pop. A $5 deposit allowed for a password change and a new phone number to be used in order to cash out the hacked accounts. There is a list of steps for hacking the Draft Kings accounts.

This hack was caused by usernames and passwords obtained from a third-party source, according to DraftKings. The company implied that the attack was due to users applying their same usernames and passwords on different websites.

Passwords found through outside sources are used by malicious actors to make millions of sign in attempts.

CNBC reported in November that the sports betting app FanDuel had seen an increase in hacking attempts.