January 30, 2024 at 04:31PM
The U.S. Department of Justice arrested and charged suspects involved in hacking almost 68,000 DraftKings accounts in a credential stuffing attack. Three defendants were charged, with two selling access to accounts that were compromised, leading to a loss of $635,000. Similar attacks affected FanDuel and Chick-fil-A. Automated tools and stolen credentials amplify the threat of such attacks.
Summary of Meeting Notes:
– The U.S. Department of Justice arrested and charged suspects involved in the hacking of almost 68,000 DraftKings accounts in a credential stuffing attack.
– DraftKings refunded hundreds of thousands of dollars to affected customers and a third defendant, Joseph Garrison, has been charged for his involvement in the scheme.
– The attack utilized a list of credentials collected from other breaches to hack into accounts, and the stolen funds totaled around $635,000 from roughly 1,600 accounts.
– The defendants also devised a method allowing buyers of the stolen DraftKings accounts to withdraw available funds and sold accounts to Kamerin Stokes.
– Nathan Austad and Garrison were found to be implicated in the attack through discussions with coconspirators and evidence found on their devices.
– FanDuel customers also reported account compromises due to credential-stuffing attacks, and Chic-Fil-A confirmed a similar attack affecting 71,473 customers.
– Garrison’s Goat Shop was found to be selling stolen Chic-Fil-A accounts as well, with instructions on using the stored rewards points.
I hope this summary accurately captures the key points from the meeting notes. Let me know if you need any additional information or assistance.