Federal officials have charged an 18-year-old Wisconsin resident for a hack that ensnared 60,000 user accounts at sports betting site DraftKings last year.
Joseph Garrison has been charged with conspiring to drain funds from DraftKings user accounts via a "credential stuffing attack." This involves taking usernames and passwords exposed in past data breaches and using computer programs to plug the stolen credentials into other sites in an attempt to break into accounts that used the same username/password combinations.
Federal officials didn’t name the sports betting site. But DraftKings told PCMag it worked with law enforcement to catch the “bad actor(s)” behind the assault. (In December, the company also warned users about the incident.)
With the help of others, Garrison allegedly launched the credential stuffing attack on DraftKings in November, successfully compromising about 60,000 accounts. “Garrison then sold access to those victim accounts through various websites that marketed and sold illegal account credentials,” the FBI says in a criminal complaint.
Garrison sold the hijacked DraftKings accounts with instructions on how to drain the funds, which involved adding a new payment method to a hijacked account. “Using this method, the hackers stole approximately $600,000 from approximately 1,600 victim accounts,” the FBI says.
Federal investigators connected Garrison to the crimes by looking at the IP address “that uploaded the instructions to use those stolen credentials to steal money from the victim accounts.” That IP address was tied to a Wisconsin residence belonging to Garrison’s parents. Law enforcement then searched his home, including his