Kamerin Stokes, a 23-year-old resident of Memphis, Tennessee, has received a prison sentence for his involvement in a credential stuffing attack against the online betting platform DraftKings in 2022.
Stokes has been sentenced to 30 months behind bars, accompanied by three years of supervised release. Furthermore, he has been ordered to forfeit $125,000 and pay $1.3 million in restitution.
During the 2022 attack, hackers infiltrated around 60,000 accounts by using username-password combinations that were obtained from previous data breaches. The primary objective of the attack was to illegally withdraw funds from the compromised accounts.
Although the Department of Justice (DoJ) did not explicitly name the targeted platform, it described it as a fantasy sports and betting website, which aligns with DraftKings' operations.
Stokes operated under the online alias ‘TheMFNPlug’ and acquired DraftKings accounts in bulk, subsequently selling access to these accounts via an online marketplace that he managed.
The Justice Department noted that Stokes resumed his illicit activities even after he had pleaded guilty, continuing to offer access to accounts from various retailers.
“Stokes promoted his reopened shop with the tagline ‘fraud is fun,’ claiming he had been engaged in such activities for three years. He indicated that he reestablished his shop partly because he needed funds to pay for his legal representation,” stated the DoJ.
Two additional individuals have been charged in connection with the same scheme. Joseph Garrison pleaded guilty in November 2023 and was sentenced to 18 months in prison in February 2024. Meanwhile, Nathan Austad entered a guilty plea in December 2025 and is awaiting sentencing.
Both Garrison and Austad collaborated in executing the credential stuffing attack and in the subsequent sale of the account accesses.
Despite the legal actions taken, DraftKings continues to face threats from credential stuffing attacks, prompting the company to issue a warning to its users in October 2025.
Related Articles:
- Dutch Port Hacker Sentenced to Prison
- LeakBase Cybercrime Forum Shut Down, Suspects Arrested
- Man Linked to Phobos Ransomware Arrested in Poland
Written by Eduard Kovacs, who transitioned from a high school IT teacher to a senior managing editor in journalism, holds degrees in industrial informatics and computer techniques applied in electrical engineering.
More Articles by Eduard Kovacs
- OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
- Data Breach at Tennessee Hospital Affects 337,000
- Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
- Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
- Exploited Vulnerability Exposes Nginx Servers to Hacking
- $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
- ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
- Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Latest News
- Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
- White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
- CoChat Launches AI Collaboration Platform to Combat Shadow AI
- In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
- Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
- Recent Apache ActiveMQ Vulnerability Exploited in the Wild
- Two North Korean IT Worker Scheme Facilitators Jailed in the US
- ZionSiphon Malware Targets ICS in Water Facilities
Source: SecurityWeek News