DraftKings Hacker “Snoopy” Sentenced to 18 Months in Prison

What happened

In June 2026, the DraftKings hacker Nathan Austad, a 21-year-old from Minnesota who used the online alias “Snoopy,” was sentenced to 18 months in prison for his role in the November 2022 cyberattack.

Austad pleaded guilty in December 2025 to conspiracy to commit computer intrusion. He admitted that he and co-conspirators compromised 60,000 DraftKings user accounts.

During the attack, the hackers added payment methods under their control to 1,600 accounts and stole $600,000.

DraftKings previously disclosed that attackers accessed customer accounts through credential stuffing, exploiting weak passwords or reused login credentials. The company initially reported that less than $300,000 had been stolen from affected customers, then later disclosed that 67,995 customer accounts had been compromised.

U.S. authorities previously charged Joseph Garrison in May 2023 over his alleged role in the scheme. Prosecutors later charged additional suspects in January 2024, including Kamerin Stokes, known as “TheMFNPlug,” and Austad, known as “Snoopy.”

Austad reportedly operated his own shop where he sold access to stolen accounts and also used other platforms to sell access. Prosecutors said the shop was named after the Snoopy character from the Peanuts comic strip.

The Department of Justice did not disclose how much the hackers earned from selling access to compromised accounts, but said Austad’s cryptocurrency accounts received approximately $465,000 in assets.

In addition to the 18-month prison sentence, Austad received three years of supervised release and was ordered to pay $463,684 in forfeiture and $1,327,061 in restitution.

Who is affected

DraftKings customers whose accounts were compromised in the November 2022 attack were directly affected.

The attack involved tens of thousands of compromised accounts, with payment methods added to 1,600 accounts and $600,000 stolen.

The case is also relevant to online gaming, betting, fintech, and consumer platforms where reused credentials, weak passwords, and credential stuffing can lead to account takeover, fraud, and downstream financial losses.

Why CISOs should care

This case shows how credential stuffing can become a large-scale financial fraud operation when attackers can validate reused credentials, access consumer accounts, add payment methods, and monetize stolen access through marketplaces.

For CISOs, the important lesson is that password reuse remains an enterprise and consumer platform risk even when the breached credentials did not originate from the targeted company. Attackers can take credentials exposed elsewhere and test them against high-value accounts at scale.

The marketplace element also matters. Austad reportedly sold access to compromised accounts through his own shop and other platforms, showing how account takeover can become a repeatable criminal business model rather than a one-off intrusion.

The sentencing and restitution also reinforce the financial consequences of credential-based attacks. The breach led to stolen funds, account compromise, law enforcement action, forfeiture, and restitution orders far exceeding the company’s early public estimate of customer losses.

3 practical actions

  1. Strengthen defenses against credential stuffing: DraftKings said the attack exploited weak passwords or reused login credentials. CISOs should deploy bot detection, rate limiting, breached-password screening, adaptive authentication, and suspicious login monitoring.
  2. Monitor account changes after successful logins: The attackers added payment methods under their control to 1,600 accounts. Security teams should flag unusual payment method changes, withdrawal behavior, device changes, and login patterns that follow credential stuffing activity.
  3. Disrupt account resale and fraud monetization paths: Austad reportedly sold access to compromised accounts through online shops and marketplaces. Organizations should monitor for exposed customer accounts, coordinate with fraud teams, and act quickly when stolen access appears in criminal marketplaces.
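
Actions 1 and 2 can be combined into a single detection rule: find source IPs that fail logins against many distinct accounts, then flag any account that logs in successfully from such an IP and has a payment method added shortly afterwards. The sketch below is an added example, not part of the original article or any DraftKings system; the event names, thresholds, and sample log rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): (timestamp, source IP, account, event)
EVENTS = [
    ("2024-01-01T03:00:01", "203.0.113.7", "alice", "login_fail"),
    ("2024-01-01T03:00:05", "203.0.113.7", "bob", "login_fail"),
    ("2024-01-01T03:00:09", "203.0.113.7", "carol", "login_fail"),
    ("2024-01-01T03:00:14", "203.0.113.7", "dave", "login_fail"),
    ("2024-01-01T03:00:40", "203.0.113.7", "erin", "login_ok"),
    ("2024-01-01T03:00:55", "203.0.113.7", "gina", "login_ok"),
    ("2024-01-01T03:04:10", "203.0.113.7", "erin", "payment_method_added"),
    ("2024-01-01T09:15:00", "198.51.100.20", "frank", "login_fail"),
    ("2024-01-01T09:15:30", "198.51.100.20", "frank", "login_ok"),
    ("2024-01-01T09:20:00", "198.51.100.20", "frank", "payment_method_added"),
]

def parse(events):
    """Convert timestamps and return events in chronological order."""
    return sorted((datetime.fromisoformat(t), ip, user, kind)
                  for t, ip, user, kind in events)

def stuffing_ips(events, min_accounts=4, window=timedelta(minutes=5)):
    """IPs whose failed logins hit >= min_accounts distinct accounts in one window."""
    fails = defaultdict(list)
    for ts, ip, user, kind in parse(events):
        if kind == "login_fail":
            fails[ip].append((ts, user))
    flagged = set()
    for ip, rows in fails.items():
        for i, (start, _) in enumerate(rows):
            users = {u for ts, u in rows[i:] if ts - start <= window}
            if len(users) >= min_accounts:
                flagged.add(ip)
                break
    return flagged

def takeover_alerts(events, follow_up=timedelta(minutes=30)):
    """Accounts where a login from a stuffing IP precedes a payment method change."""
    bad_ips = stuffing_ips(events)
    suspect_login = {}  # account -> time of successful login from a flagged IP
    alerts = []
    for ts, ip, user, kind in parse(events):
        if kind == "login_ok" and ip in bad_ips:
            suspect_login[user] = ts
        elif kind == "payment_method_added" and user in suspect_login:
            if ts - suspect_login[user] <= follow_up:
                alerts.append((user, ip, ts.isoformat()))
    return alerts
```

On the sample rows, "erin" is flagged, "gina" (suspicious login but no payment change) and "frank" (single mistyped password from an ordinary IP) are not; in production the thresholds would need tuning against shared or NAT'd source addresses.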

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.