Third DraftKings Hacker Sentenced to 18 Months in Prison
In 2022, a credential-stuffing attack targeted the fantasy sports and betting website DraftKings, compromising over 60,000 accounts by using stolen usernames and passwords from other breaches. Attackers accessed accounts to withdraw funds or sell access on online marketplaces. Nathan Austad, the third individual charged in connection with this attack, pleaded guilty and was sentenced to 18 months in prison, ordered to pay approximately $1.8 million in restitution and forfeiture, and given three years of supervised release. The attack resulted in theft of about $600,000 from 1,600 DraftKings accounts. Austad also operated a website to sell compromised accounts and held cryptocurrency funds linked to the criminal activity. Other perpetrators received prison sentences as well. This case highlights the risks of credential-stuffing attacks and the legal consequences for perpetrators.
AI Analysis
Technical Summary
The threat involves a credential-stuffing attack conducted in 2022 against DraftKings, a fantasy sports and betting platform. Attackers used credentials obtained from other breaches to access over 60,000 accounts, withdrawing funds or selling account access. Nathan Austad, aka Snoopy, was identified as a key actor who pleaded guilty and was sentenced to prison and financial penalties. He also ran a website selling compromised accounts and maintained cryptocurrency accounts with proceeds from the crime. The attack affected approximately 1,600 accounts with losses totaling around $600,000. The U.S. Department of Justice prosecuted the case, emphasizing the commitment to protecting online markets. No technical vulnerability or patch information is provided, as this is a criminal case involving exploitation of stolen credentials rather than a software vulnerability.
Potential Impact
The attack led to unauthorized access to over 60,000 user accounts on DraftKings, resulting in theft of approximately $600,000 from 1,600 accounts. Compromised accounts were also sold on online marketplaces, potentially enabling further fraud. The incident caused financial losses to users and reputational damage to the targeted platform. Legal actions resulted in prison sentences and financial penalties for the perpetrators. There is no indication of a software vulnerability being exploited or ongoing technical risk to the platform itself.
Mitigation Recommendations
This incident is a criminal case involving credential-stuffing attacks rather than a software vulnerability. No patch or technical remediation is applicable. Defenders should continue to enforce strong authentication measures such as multi-factor authentication and monitor for credential-stuffing activity. The legal prosecution and sentencing demonstrate enforcement actions against perpetrators. Patch status is not applicable.
Third DraftKings Hacker Sentenced to 18 Months in Prison
Description
In 2022, a credential-stuffing attack targeted the fantasy sports and betting website DraftKings, compromising over 60,000 accounts by using stolen usernames and passwords from other breaches. Attackers accessed accounts to withdraw funds or sell access on online marketplaces. Nathan Austad, the third individual charged in connection with this attack, pleaded guilty and was sentenced to 18 months in prison, ordered to pay approximately $1.8 million in restitution and forfeiture, and given three years of supervised release. The attack resulted in theft of about $600,000 from 1,600 DraftKings accounts. Austad also operated a website to sell compromised accounts and held cryptocurrency funds linked to the criminal activity. Other perpetrators received prison sentences as well. This case highlights the risks of credential-stuffing attacks and the legal consequences for perpetrators.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The threat involves a credential-stuffing attack conducted in 2022 against DraftKings, a fantasy sports and betting platform. Attackers used credentials obtained from other breaches to access over 60,000 accounts, withdrawing funds or selling account access. Nathan Austad, aka Snoopy, was identified as a key actor who pleaded guilty and was sentenced to prison and financial penalties. He also ran a website selling compromised accounts and maintained cryptocurrency accounts with proceeds from the crime. The attack affected approximately 1,600 accounts with losses totaling around $600,000. The U.S. Department of Justice prosecuted the case, emphasizing the commitment to protecting online markets. No technical vulnerability or patch information is provided, as this is a criminal case involving exploitation of stolen credentials rather than a software vulnerability.
Potential Impact
The attack led to unauthorized access to over 60,000 user accounts on DraftKings, resulting in theft of approximately $600,000 from 1,600 accounts. Compromised accounts were also sold on online marketplaces, potentially enabling further fraud. The incident caused financial losses to users and reputational damage to the targeted platform. Legal actions resulted in prison sentences and financial penalties for the perpetrators. There is no indication of a software vulnerability being exploited or ongoing technical risk to the platform itself.
Mitigation Recommendations
This incident is a criminal case involving credential-stuffing attacks rather than a software vulnerability. No patch or technical remediation is applicable. Defenders should continue to enforce strong authentication measures such as multi-factor authentication and monitor for credential-stuffing activity. The legal prosecution and sentencing demonstrate enforcement actions against perpetrators. Patch status is not applicable.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/third-draftkings-hacker-sentenced-to-18-months-in-prison/","fetched":true,"fetchedAt":"2026-06-24T12:54:12.809Z","wordCount":1057}
Threat ID: 6a3bd374eed863c81ed8b2a3
Added to database: 06/24/2026, 12:54:12 UTC
Last enriched: 06/24/2026, 12:54:21 UTC
Last updated: 06/24/2026, 13:00:12 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.