Third DraftKings Hacker Sentenced to 18 Months

Nathan Austad, the third individual sentenced in connection with the cyberattack on DraftKings, received an 18-month prison term. The sentencing, reported by SecurityWeek, also requires him to pay roughly $1.8 million in forfeiture and restitution, followed by three years of supervised release.

The case stems from a credential stuffing campaign that compromised user accounts. The attack exploited reused passwords, leading to unauthorized access and financial losses. While the exact number of affected accounts was not detailed, the scheme involved multiple perpetrators.

Austad's role centered on using stolen credentials to access DraftKings accounts and siphon funds. Credential stuffing attacks automate login attempts with breached username-password pairs, often targeting high-traffic platforms where users recycle passwords.

The sentencing concludes a legal chapter involving three hackers convicted for their parts in the breach. DraftKings has since bolstered its authentication measures, though specifics on patch timelines or additional security upgrades were not included in the source.

This case highlights the persistent threat of credential stuffing, particularly in the gaming and finance sectors. Law enforcement's pursuit of even low-level actors signals growing accountability in cybercrime, though broader industry trends show such attacks remain widespread.