好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得仔细阅读文章,抓住关键信息。 文章讲的是一个叫Kamerin Stokes的人,也就是TheMFNPlug,他因为参与2022年对DraftKings的 credential stuffing 攻击而被判刑。他被判处30个月监禁,并被罚款和赔偿超过140万美元。攻击中,他利用从暗网购买的被盗用户名和密码,测试了大约6万个账户,导致用户损失了数万美元。即使在认罪后,他还在继续卖被盗账户。最终,他被再次逮捕,并面临更多处罚。 接下来,我需要将这些信息浓缩到100字以内。要包括人物、判刑时间、罚款金额、攻击手段、影响以及后续行为。 可能的结构:黑客名字、判刑时间、罚款金额、攻击手段(credential stuffing)、影响(6万账户)、后续行为(继续卖账户)、最终结果(再次逮捕)。 现在组合成一句话: “DraftKings黑客Kamerin Stokes因参与2022年credential stuffing攻击被判30个月监禁,并需支付140万美元罚款。攻击导致6万账户被盗,部分资金被窃取。即使在认罪后,Stokes仍继续出售被盗账户。” 检查字数是否在100字以内,并确保所有关键点都涵盖。 </think> DraftKings黑客Kamerin Stokes因参与2022年credential stuffing攻击被判30个月监禁,并需支付140万美元罚款。攻击导致6万账户被盗,部分资金被窃取。即使在认罪后,Stokes仍继续出售被盗账户。 2026-4-17 14:16:23 Author: securityaffairs.com(查看原文) 阅读量:15 收藏
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution.
Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings. He continued selling stolen login data online even after pleading guilty. The court also ordered three years of supervised release, $125,000 in forfeiture, and $1.3 million in restitution, highlighting the financial impact of the breach and the consequences of ongoing cybercrime activity.
“United States Attorney for the Southern District of New York, Jay Clayton, announced today that KAMERIN STOKES, a/k/a “TheMFNPlug,” was sentenced to 30 months in prison for his role in a scheme to hack user accounts on a fantasy sports and betting website (the “Betting Website”) and sell access to those accounts, resulting in losses of hundreds of thousands of dollars to the users. STOKES was sentenced today before U.S. District Judge Naomi Reice Buchwald.” reads the press release published by DoJ.
In November 2022, attackers carried out a credential stuffing attack against DraftKings using large sets of stolen usernames and passwords bought on the dark web. They tested these credentials across accounts, targeting users who reused the same login details. The attackers managed to access around 60,000 accounts. In some cases, they added new payment methods, deposited small amounts to verify them, and then withdrew the full balance to accounts they controlled. This allowed them to steal funds directly from victims, showing how dangerous password reuse can be and how easily attackers can exploit compromised credentials at scale.
The man sold access to stolen DraftKings accounts through his own online shop under the alias “TheMFNPlug,” handling accounts worth over $125,000. Even after pleading guilty, he reopened the shop, selling stolen accounts from various platforms and promoting it with the slogan “fraud is fun.” He admitted running such operations for years and said he needed money for legal fees. Authorities arrested him again for violating release conditions and placed him back in custody.
“In addition to the prison term, STOKES, 23, of Memphis, Tennessee, was sentenced to three years of supervised release and ordered to pay $125,965.53 in forfeiture and $1,327,061 in restitution.” concludes DoJ. “Mr. Clayton praised the outstanding work of the Federal Bureau of Investigation.”
In November 2022, DraftKings announced that approximately 68,000 accounts had been compromised in another credential stuffing attack.
In November 2023, US teenager Joseph Garrison pleaded guilty to his involvement in the credential stuffing attack. In January 2024, Garrison was sentenced to 18 months in prison.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cybercrime)
如有侵权请联系:admin#unsafe.sh