image credit: pixabay
According to court documents, in November 2022, the man, Joseph Garrison, 19, used username and password pairs from other data breaches to access approximately 60,000 user accounts at the target site that were using the same passwords.
Although not named in the documents presented in court, DraftKings, which in November 2022 reported falling victim to a credential stuffing attack, appears to be the target website.
In some instances, Garrison and his co-conspirators withdrew funds from the compromised accounts by adding a new payment method to them. In total, the attackers stole roughly $600,000 from approximately 1,600 accounts.
Comments are closed.
