Security News > 2024 > January > US charges two more suspects with DraftKing account hacks

US charges two more suspects with DraftKing account hacks
2024-01-30 21:28

The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack.

One month later, DraftKings said it had refunded hundreds of thousands of dollars stolen from 67,995 customers whose accounts were hijacked in the incident.

According to the complaint, Nathan Austad and Garrison used a list of credentials collected from other breaches to hack into the DraftKings accounts and then sold access to the accounts to others who stole around $635,000 from roughly 1,600 compromised accounts.

Together, the defendants also devised a method allowing buyers of the stolen DraftKings accounts to withdraw all available funds.

They instructed their "Customers" to add a new payment method to the compromised accounts, deposit $5 through the newly added payment method to verify its validity, and then withdraw all existing funds to a separate financial account under their control.

During the same period in November, FanDuel customers reported account compromises after credential-stuffing attacks, with stolen accounts sold on cybercrime marketplaces for as little as $2. According to court documents, Garrison ran the "Goat Shop" website, selling hijacked DraftKings and FanDuel accounts, making $2,135,150.


News URL

https://www.bleepingcomputer.com/news/security/us-charges-two-more-suspects-with-draftking-account-hacks/