Case Study

FanDuel Blocks Credential Stuffing and ATO



FanDuel Group is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams and leagues. FanDuel Group’s portfolio includes products for sports betting, casino, daily fantasy sports and horse racing. The premier gaming destination in the United States, the company has more than 12 million customers and a sports betting presence in 50 states.

Alan Murray

Senior Director, Architecture at FanDuel
“We seamlessly integrated Bot Defender at our platform edge [AWS CloudFront] to ensure maximum protection against automated bot attacks, but also to minimize latency. By using AWS CloudFront in conjunction with an edge Lambda function, it was simple to integrate and leverage Credential Intelligence.” 
Human-Case Study-Exclamation Mark Icons@2x


FanDuel experienced unprecedented growth in 2018 following a US Supreme Court ruling that allowed wagers on professional sporting events in the US. As the company’s popularity and product portfolio grew, it became a large target for account takeover (ATO) attacks and experienced up to 10 million malicious login attempts per day. FanDuel originally explored a homegrown bot management tool, but ultimately pivoted to consider vendor offerings instead. 

Human-Case Study-Shield checkmark icon@2x


FanDuel implemented HUMAN Bot Defender because of its ability to protect against the volume of attacks its platform had to endure. In addition, Bot Defender delivered the following benefits that allowed FanDuel to mitigate ATO attacks without sacrificing their users’ online experience:

  • Accurate bot protection based on behavioral analytics, advanced machine learning techniques and predictive models that blocks a wide range of automated attacks 
  • Custom parameters allowed FanDuel to store specific data points, which was a key differentiator for the company
  • Seamless integration with AWS CloudFront allowed FanDuel to integrate Bot Defender via an edge Lambda function, preserving page load performance and ensuring low latency
  • Improved efficiency and optimized the use of FanDuel’s internal security resources and infrastructure costs.
  • Helpful customer support available 24/7/365 via Slack, email or phone.
In addition to Bot Defender, FanDuel was impressed with HUMAN’s innovative product portfolio. They were particularly interested in Credential Intelligence, a cloud-native web app security solution that flags and stops logins with compromised credentials in real time. Credential Intelligence proactively mitigates credential stuffing attacks, allowing FanDuel to get ahead of account fraud.


Bot Defender turned away 99.9% of malicious inbound traffic to FanDuel’s site. The solution routinely blocked more than 3,000 bad login attempts per second, even though these requests had already passed through a web application firewall (WAF) and other traditional security controls.
The added protection of Credential Intelligence gave FanDuel an early-warning system for stolen credentials and proactively mitigated account fraud. By using Credential Intelligence, FanDuel reduced the economic viability of credential stuffing attacks on its site and deterred future attempts. 
HUMAN bot mitigation solutions are continuously evolving to keep up with new technologies and threats from bad actors. Together, Bot Defender and Credential Intelligence have helped prevent ATOs and protected FanDuel’s reputation and bottom line.

Connect with Us
to Learn More How HUMAN Can Mitigate ATO and Credential Stuffing Attacks for You

Related Resources