23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. According to court documents, the accounts were hijacked by Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accomplice charged in May 2023) in a massive November 2022 credential-stuffing attack that compromised nearly 68,000 DraftKings accounts. U.S. prosecutors said Austad and Garrison used a list of credentials stolen in multiple breaches to hack into DraftKings accounts, then sold access to others who stole around $635,000 from roughly 1,600 compromised accounts. While they made over $2.1 million selling some of these hijacked DraftKings accounts (as well as FanDuel and Chick-fil-A accounts) through their own "shops," they also sold many in bulk to Stokes (also known online as TheMFNPlug), who resold them through his own "shop." One month later, the sports betting giant said it had to refund hundreds of thousands of dollars stolen from hacked accounts, after all available funds were withdrawn following the addition of a new payment method and a $5 deposit to verify its validity. ​After being arrested, pleading guilty, and released while awaiting trial, Stokes reopened his shop with a new "fraud is fun" tagline and continued selling access to compromised accounts for various retailers. Prosecutors said he also admitted "he had been running these types of shops for three years" and that he relaunched the shop because he needed money to pay his attorney. "Kamerin Stokes victimized thousands of users of an online betting website though [sic] a cyberattack," U.S. Attorney Jay Clayton noted in a Thursday press release.