DraftKings hacker 'Snoopy' sentenced to 18 months in prison
In November 2022, a cyberattack on DraftKings compromised nearly 68,000 user accounts through credential stuffing exploiting weak or reused passwords. The attackers added payment methods to 1,600 accounts and stole approximately $600,000. Nathan Austad, alias "Snoopy," was sentenced to 18 months in prison for his role in the attack, having sold access to stolen accounts and profited from the scheme. Other co-conspirators have also been sentenced. The attack highlights risks from credential reuse and account takeover but does not describe a specific software vulnerability or patch.
AI Analysis
Technical Summary
The DraftKings cyberattack involved credential stuffing attacks that exploited weak or reused user credentials to access customer accounts. Attackers added payment methods under their control to some accounts and stole funds. Nathan Austad, known as "Snoopy," was convicted and sentenced for his role in the conspiracy, which included selling access to compromised accounts. The incident is a criminal case involving account compromise rather than a disclosed software vulnerability. No technical vulnerability details or patches are provided.
Potential Impact
Approximately 67,995 DraftKings user accounts were compromised, with attackers adding payment methods to 1,600 accounts and stealing about $600,000. The attackers also profited by selling access to compromised accounts. This resulted in financial loss to users and damage to DraftKings' customer trust. There is no indication of a software flaw or ongoing exploit beyond credential stuffing attacks exploiting weak or reused passwords.
Mitigation Recommendations
No specific software patch or fix is indicated. Mitigation focuses on preventing credential stuffing attacks by enforcing strong, unique passwords and multi-factor authentication for user accounts. Users should avoid password reuse and monitor accounts for unauthorized activity. DraftKings and similar services should implement protections against credential stuffing, such as rate limiting and anomaly detection. Since this is a criminal case outcome, no direct remediation or patch is applicable.
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
Description
In November 2022, a cyberattack on DraftKings compromised nearly 68,000 user accounts through credential stuffing exploiting weak or reused passwords. The attackers added payment methods to 1,600 accounts and stole approximately $600,000. Nathan Austad, alias "Snoopy," was sentenced to 18 months in prison for his role in the attack, having sold access to stolen accounts and profited from the scheme. Other co-conspirators have also been sentenced. The attack highlights risks from credential reuse and account takeover but does not describe a specific software vulnerability or patch.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The DraftKings cyberattack involved credential stuffing attacks that exploited weak or reused user credentials to access customer accounts. Attackers added payment methods under their control to some accounts and stole funds. Nathan Austad, known as "Snoopy," was convicted and sentenced for his role in the conspiracy, which included selling access to compromised accounts. The incident is a criminal case involving account compromise rather than a disclosed software vulnerability. No technical vulnerability details or patches are provided.
Potential Impact
Approximately 67,995 DraftKings user accounts were compromised, with attackers adding payment methods to 1,600 accounts and stealing about $600,000. The attackers also profited by selling access to compromised accounts. This resulted in financial loss to users and damage to DraftKings' customer trust. There is no indication of a software flaw or ongoing exploit beyond credential stuffing attacks exploiting weak or reused passwords.
Mitigation Recommendations
No specific software patch or fix is indicated. Mitigation focuses on preventing credential stuffing attacks by enforcing strong, unique passwords and multi-factor authentication for user accounts. Users should avoid password reuse and monitor accounts for unauthorized activity. DraftKings and similar services should implement protections against credential stuffing, such as rate limiting and anomaly detection. Since this is a criminal case outcome, no direct remediation or patch is applicable.
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/draftkings-hacker-snoopy-sentenced-to-18-months-in-prison/","fetched":true,"fetchedAt":"2026-06-24T22:01:05.324Z","wordCount":685}
Threat ID: 6a3c53a14853345fc1e90c93
Added to database: 06/24/2026, 22:01:05 UTC
Last enriched: 06/24/2026, 22:01:11 UTC
Last updated: 06/24/2026, 22:01:11 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.