Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Minnesota Man Known as 'Snoopy' Sentenced in DraftKings Hack
Minnesota Man Known as 'Snoopy' Sentenced in DraftKings Hack
NEWS

Minnesota Man Known as 'Snoopy' Sentenced in DraftKings Hack

Nathan Austad of Minnesota, who operated under the alias 'Snoopy,' has been sentenced for his role in the 2022 DraftKings data breach, becoming the third...

Dylan H.

News Desk

June 26, 2026
3 min read

The final chapter in the 2022 DraftKings hack has closed. Nathan Austad, a Minnesota man who operated online under the alias "Snoopy," has been sentenced for his role in the credential stuffing attack that compromised accounts on the popular sports betting platform — becoming the third and final defendant sentenced in connection with the breach.

Background: The 2022 DraftKings Breach

In November 2022, DraftKings disclosed that attackers had used credential stuffing — a technique that automates login attempts using lists of previously breached username and password combinations — to compromise approximately 67,000 customer accounts. Victims lost a combined estimated $300,000 as attackers drained withdrawable funds from their betting accounts.

The attack exploited a fundamental weakness: customers who reused passwords from other breached services were vulnerable even though DraftKings' own systems were not directly compromised.

Austad's Role: The Storefront Operator

Austad's role in the scheme was as a criminal marketplace operator. Rather than conducting the credential stuffing attacks himself, Austad sold access to the compromised DraftKings accounts through an underground storefront — essentially acting as a broker between attackers who obtained the credentials and buyers looking to drain accounts.

This middleman model is increasingly common in cybercrime ecosystems, where attackers specialize in specific parts of an attack chain:

  • Credential harvesters — obtain lists of breached credentials
  • Stuffers — run automated tools to test credentials against platforms
  • Storefront operators (Austad's role) — sell verified working accounts
  • Cashers — withdraw or transfer funds from compromised accounts

The Full Defendant Picture

Austad is the third and final defendant sentenced in the DraftKings case. The prosecution of all three defendants represents a relatively complete enforcement action for a credential stuffing case — many such crimes go unprosecuted due to the difficulty of attribution and cross-jurisdictional complications.

Credential Stuffing: A Persistent Threat

The DraftKings case highlights why credential stuffing remains one of the most prevalent attack vectors against consumer platforms:

  • Billions of credential pairs from historical breaches circulate freely on criminal forums
  • Automation tools make it cheap and easy to test credentials at scale
  • Many users continue to reuse passwords across multiple services
  • Sports betting and gaming platforms are particularly attractive targets due to the presence of withdrawable funds

Protecting Yourself Against Credential Stuffing

The DraftKings breach is a reminder that your account on one platform can be compromised even when that platform's security is sound — if you're reusing a password that was leaked elsewhere.

Steps to take:

  1. Use a password manager — generate a unique, random password for every service
  2. Enable multi-factor authentication wherever available, especially on financial and gaming accounts
  3. Check Have I Been Pwned (haveibeenpwned.com) to see if your email addresses appear in known breaches
  4. Monitor your DraftKings (and other platform) account activity for unauthorized withdrawals or suspicious logins
  5. Enable login notifications so you're alerted to new device access

Platform-Side Defenses

For operators of consumer platforms with financial functionality, the DraftKings case offers a clear playbook for detection and prevention:

  • Implement rate limiting and CAPTCHA on login endpoints
  • Deploy behavioral analytics to detect automated login patterns
  • Require re-authentication for fund withdrawals, even for logged-in sessions
  • Use leaked credential databases to proactively identify and lock compromised accounts
  • Enforce MFA as the default, not opt-in

The sentencing of all three defendants in the DraftKings case demonstrates that law enforcement is willing and able to pursue the full criminal ecosystem behind credential stuffing attacks — not just the direct attackers.

#Data Breach#Cybercrime#Sentencing#Credential Stuffing#Sports Betting

Related Articles

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

A roundup of security stories you may have missed: an Anonymous-linked Canadian hacker receives a prison sentence, a researcher drops zero-days in open...

4 min read

Blackfield Ransomware Demands $2 Million from Nidec Corporation

The Blackfield ransomware gang is demanding a $2 million ransom from Nidec Corporation after attacking its Taiwanese subsidiary, Nidec Chaun Choung...

4 min read

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Rising third-party breach incidents are forcing schools and universities to play defense as ransomware gangs and supply chain attackers increasingly...

5 min read
Back to all News