November 15, 2023
A 19-year-old man from Wisconsin has pleaded guilty to a hacking scheme that targeted more than a thousand DraftKings accounts, resulting in the theft of approximately $600,000. The defendant, Joseph Garrison, and other individuals accessed around 60,000 accounts on the sports betting platform and stole money from about 1,600 accounts. Garrison now faces a maximum sentence of five years in prison and is scheduled to be sentenced in January.
Garrison carried out the scheme by using a tactic known as credential stuffing attack. This involves using stolen user credentials from other platforms to check if they work on the targeted website, in this case, DraftKings. Law enforcement discovered programs and files typically used for credential stuffing attacks on Garrison's computer during a search of his home. They also found conversations between Garrison and his co-conspirators discussing how to hack DraftKings. In one conversation, Garrison expressed his enjoyment of fraud and his addiction to seeing money in his account.
The prevalence of password reuse among users makes credential stuffing attacks a common method for hacking user accounts. In 2021, cybercrime analytics firm SpyCloud reported a password reuse rate of 64% for users with multiple exposed passwords. This highlights the importance of using unique passwords for different platforms to enhance cybersecurity.
Last year, DraftKings users experienced significant financial losses, with some customers being locked out of their accounts after large sums of money were withdrawn. The timing of this hack aligns with the period when Garrison carried out his credential stuffing attack. In response to the cyberattack, DraftKings advised its customers to use unique passwords for their platform and other websites, as the compromised login information was likely obtained from other sources. Other online gambling companies, such as FanDuel, have also fallen victim to hacking incidents, further emphasizing the need for robust cybersecurity measures.
The guilty plea of Joseph Garrison in the hacking scheme targeting DraftKings accounts highlights the ongoing threat of cyberattacks in the gambling sector. It serves as a reminder for individuals and companies to prioritize cybersecurity and implement measures to protect user accounts and sensitive information. Users should use unique passwords for different platforms, and companies must invest in robust security systems to safeguard their customers' data.
For more information, you can refer to the following sources:
Matteo "Teo" Bianchi, hailed as BettingRanker's "Data Dynamo", is the quintessential combination of a sports enthusiast and a numbers whiz. His meticulous research ensures bettors are always a step ahead, making him a cornerstone of the platform.