A third individual involved in a sophisticated credential stuffing attack against the online sports betting platform DraftKings has pleaded guilty. The defendant, from Pennsylvania, admitted their role in the scheme that compromised thousands of customer accounts and resulted in significant financial losses for victims.

Unpacking the DraftKings Account Takeover

The extensive cyberattack utilized credential stuffing techniques, where stolen usernames and passwords from unrelated data breaches were used in an automated fashion to gain unauthorized access to DraftKings accounts. Once inside, the hackers changed account passwords, added new multi-factor authentication methods, and initiated unauthorized withdrawals of funds. The Department of Justice has stated that the scheme impacted approximately 60,000 DraftKings accounts, leading to a total loss of over $600,000 across multiple victims.

The Ongoing Legal Ramifications

This recent guilty plea follows those of two other individuals who were also charged in connection with the DraftKings incident. One co-defendant from New York pleaded guilty to conspiracy to commit computer intrusion, while another from North Carolina admitted to conspiracy to commit wire fraud. The series of guilty pleas highlights the commitment of law enforcement agencies to pursue and prosecute individuals involved in cybercrime, particularly those targeting financial platforms and customer accounts.

Source: https://www.securityweek.com/third-draftkings-hacker-pleads-guilty/