Nathan Austad is the third particular person to plead responsible to launching a credential stuffing assault in opposition to a fantasy sports activities and betting web site, the DoJ introduced.
Austad, 21, of Farmington, Minnesota, also referred to as ‘Snoopy’, admitted in courtroom to his function in a scheme to hack hundreds of consumer accounts and promote entry to them to empty their funds.
Based on paperwork and statements offered in courtroom, Austad and his co-conspirators compromised over 60,000 consumer accounts on the betting web site.
The hackers added a brand new fee methodology to the compromised accounts, stealing roughly $600,000 from roughly 1,600 victims.
Moreover, the paperwork present, the hackers bought entry to the sufferer accounts by way of numerous on-line outlets.
Austad managed one such store, in addition to cryptocurrency accounts that acquired roughly $465,000 price of digital belongings, together with proceeds from the scheme.
The courtroom paperwork additionally present that Austad messaged his co-conspirators concerning the existence of an investigation into their marketing campaign.
Austad, who pleaded responsible to laptop intrusion conspiracy, faces as much as 5 years in jail.Commercial. Scroll to proceed studying.
Whereas the impacted betting web site was not named, it’s possible DraftKings, which in November 2022 introduced that roughly 68,000 consumer accounts have been compromised in a credential stuffing assault.
Two different people have been arrested and indicted as a part of the DraftKings hacks, specifically Joseph Garrison and Kamerin Stokes.
Garrison pled responsible in November 2023 and was sentenced to 18 months in jail in early 2024. Stokes pled responsible in April 2024.
In October 2025, DraftKings warned of a brand new wave of credential stuffing assaults focusing on its customers.
As a part of such an assault, risk actors use credential pairs obtained from previous information breaches to log into consumer accounts on unrelated web sites. The assaults financial institution on using the identical usernames and passwords for a number of accounts.
Associated: Former Accenture Worker Charged Over Cybersecurity Fraud
Associated: US Indicts Extradited Ukrainian on Fees of Aiding Russian Hacking Teams
Associated: Australian Man Sentenced to Jail for Wi-Fi Assaults at Airports and on Flights
Associated: Current GeoServer Vulnerability Exploited in Assaults
