Kamerin Stokes Sentenced for Selling Hacked DraftKings Accounts

Severity: Medium (Score: 48.9)

Sources: Securityaffairs.Co, Bleepingcomputer, www.justice.gov

Summary

Kamerin Stokes, a 23-year-old from Memphis, was sentenced to 30 months in prison for selling access to hacked DraftKings accounts. The accounts were compromised during a credential-stuffing attack in November 2022, which affected nearly 68,000 users. Stokes purchased these accounts from Nathan Austad and Joseph Garrison, who had exploited stolen credentials from multiple breaches. The attackers collectively stole around $635,000 from approximately 1,600 compromised accounts, generating over $2.1 million in sales from these hijacked accounts. After his arrest, Stokes continued his illegal activities, reopening his online shop under the tagline 'fraud is fun.' He has been ordered to pay $1,327,061 in restitution and $125,965.53 in forfeiture. Stokes's actions victimized thousands of users on the DraftKings platform, prompting significant financial losses for the company. Key Points: • Kamerin Stokes received a 30-month prison sentence for selling hacked DraftKings accounts. • The credential-stuffing attack compromised nearly 68,000 accounts, leading to significant financial theft. • Stokes continued his illegal operations even after pleading guilty and being arrested.

Key Entities

• Credential Stuffing (attack_type)
• Chick-fil-A (company)
• DraftKings (company)
• FanDuel (company)
• T1078 - Valid Accounts (mitre_attack)
• T1110 - Brute Force (mitre_attack)