CyberSecurityBoard
Sponsor Register Login

US charges two more suspects with DraftKing account hacks

The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack.
One month later, DraftKings said it had refunded hundreds of thousands of dollars stolen from 67,995 customers whose accounts were hijacked in the incident.
A third defendant, Joseph Garrison, was charged in May 2023 for his involvement in the same scheme targeting the fantasy sports and sports betting website.
In November, he also pled guilty to conspiring to commit computer intrusion in connection with this attack and will be sentenced on Thursday.
Credential stuffing attacks use automated tools to make millions of login attempts using a list of user/password pairs.
This technique is particularly effective against accounts where the owner has reused the same login information across multiple platforms.
According to the complaint, Nathan Austad and Garrison used a list of credentials collected from other breaches to hack into the DraftKings accounts and then sold access to the accounts to others who stole around $635,000 from roughly 1,600 compromised accounts.
Together, the defendants also devised a method allowing buyers of the stolen DraftKings accounts to withdraw all available funds.
While analyzing Austad's seized phone, law enforcement agents found more evidence implicating him in the DraftKings credential attack, including discussions with coconspirators regarding the hack.
Chick-fil-A also confirmed in March 2023 that 71,473 customers had their accounts breached following a months-long credential stuffing attack that targeted the platform between December 18th, 2022, and February 12th, 2023.
Garrison's Goat Shop was also selling stolen Chic-Fil-A accounts at the time, providing instructions on how buyers could use the stored rewards points.
Automated tools and aggregated stolen credentials fuel a massive surge of credential stuffing attacks, as the FBI warned almost two years ago.
Alleged BreachForums owner Pompompurin arrested on cybercrime charges.
US charged 19 suspects linked to xDedic cybercrime marketplace.
23andMe data breach: Hackers stole raw genotype data, health reports.
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo.
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 30 Jan 2024 21:30:10 +0000


Cyber News related to US charges two more suspects with DraftKing account hacks

US charges two more suspects with DraftKing account hacks - The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds ...
1 year ago Bleepingcomputer.com
LockBit administrator sentenced to almost four years in prison after guilty plea - An administrator for the LockBit ransomware gang has been sentenced to four years in prison after pleading guilty to eight charges in a Canadian court last month. Mikhail Vasiliev, a 34-year-old Canadian-Russian dual national, has been in legal peril ...
10 months ago Therecord.media
How to Stop Your X Account From Getting Hacked Like the SEC's - This week, the United States Securities and Exchange Commission suffered an embarrassing-and market-moving-breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement ...
1 year ago Wired.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
2 years ago Securityweek.com
Hangzhou's Cybersecurity Breakthrough: How ChatGPT Elevated Ransomware Resolution - The Chinese media reported on Thursday that local police have arrested a criminal gang from Hangzhou who are using ChatGPT for program optimization to carry out ransomware attacks for the purpose of extortion. An organization in the Shangcheng ...
1 year ago Cysecurity.news
Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay - Arion Kurtaj, a teenager described as a key member of the Lapsus$ group, was sentenced to an indefinite hospital order on Thursday for a series of high-profile hacks last year. Kurtaj, who is 18 and has severe autism, was deemed unfit to stand trial ...
1 year ago Therecord.media
US announces visa ban on those linked to commercial spyware - Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. As part of this effort, the Biden Administration ...
11 months ago Bleepingcomputer.com
US detains suspects behind $80 million 'pig butchering' scheme - The U.S. Department of Justice charged four suspects for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses. A seven-count indictment on Wednesday linked four suspects, Lu Zhang, Justin ...
1 year ago Bleepingcomputer.com
AWS Root vs IAM User: What to Know & When to Use Them - In Amazon Web Services, there are two different privileged accounts. One is defined as Root User and the other is defined as an IAM User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one ...
2 years ago Beyondtrust.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
What Can Go Wrong with Bank Online Account Opening? - Online account opening is one of the most crucial functions for banks today. They pull out their driver's license and show it to the camera on the phone or on the PC. The bank checks some data and vets the driver's license and a new account is ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware - Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. BleepingComputer has learned there is more to this attack, with threat actors ...
10 months ago Bleepingcomputer.com
CVE-2021-41129 - Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not ...
1 year ago
Two Russians indicted for hacking JFK taxi dispatch system The Register - For a period of two years between September 2019 and September 2021, two Americans and two Russians allegedly compromising the taxi dispatch system at John F. Kennedy International Airport in New York to sell cabbies a place at the front of the ...
1 year ago Theregister.com
US court docs expose fake antivirus renewal phishing tactics - In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. The now-executed seizure warrant was submitted by Special Agent Jollif of the United States ...
1 year ago Bleepingcomputer.com
US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
1 year ago Therecord.media
Apex Legends players worried about RCE flaw after ALGS hacks - Electronic Arts has postponed the North American finals of the ongoing Apex Legends Global Series after hackers compromised players mid-match during the tournament. ALGS is an esports tournament series where players compete in a fast-paced, strategic ...
10 months ago Bleepingcomputer.com
How to Temporarily Deactivate Instagram? - Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. If Instagram has become too distracting or overwhelming for you to use effectively-whether for mental peace, ...
1 year ago Hackercombat.com
NY engineer pleads guilty to stealing millions from two crypto exchanges - A former security engineer for an international tech company pleaded guilty in federal court to hacking two decentralized cryptocurrency exchanges. As a result of these hacks in July 2022, U.S. citizen Shakeeb Ahmed, 34, illegally obtained over $12 ...
1 year ago Therecord.media
Gmail Hackers Leave Vital Clues Behind-Check These 3 Things Now - With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It's not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. ...
1 year ago Forbes.com
SIM swapper gets 8 years in prison for account hacks, crypto theft - Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency ...
1 year ago Bleepingcomputer.com
Ragnar Locker ransomware developer arrested in France - Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. Authorities from France, the Czech Republic, Germany, Italy, Latvia, the ...
1 year ago Bleepingcomputer.com
US charged 19 suspects linked to xDedic cybercrime marketplace - The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. An international operation ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)