"Two More Individuals Charged for DraftKings Hacking"

Two more individuals have recently been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website.  According to the Department of Justice (DoJ), the individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches and attempted to sell access to the accounts.  A third co-conspirator, Joseph Garrison, was indicted on May 18, 2023, for his involvement in the scheme.  Garrison surrendered himself on the same day and pleaded guilty in November.  He is scheduled for sentencing on February 1.  The targeted website appears to be DraftKings, which announced in November 2022 that roughly 60,000 user accounts were compromised in a credential stuffing attack. According to court documents, in November 2022, Austad and Garrison accessed roughly 60,000 user accounts at the target fantasy sports and betting website.  By registering a new payment method, the individuals were able to withdraw all the existing funds from the victims' accounts. The fraudsters allegedly also sold access to the compromised accounts in bulk through various underground shops, including shops that they directly controlled.  In total, Austad, Stokes, Garrison, and others are estimated to have stolen approximately $600,000 from roughly 1,600 victim accounts.  Austad and Stokes, who were arrested on January 29, have been charged with conspiracy to commit computer intrusion, unauthorized access to a computer, wire fraud, wire fraud conspiracy, and aggravated identity fraud.  If found guilty, they face up to 20 years in prison.

SecurityWeek reports: "Two More Individuals Charged for DraftKings Hacking"