Madison Teenager Accused of Stealing From 1,600 DraftKings Accounts

By Todd Winkler,
Editor at online-gambling.com

Todd Winkler Editor at online-gambling.com

Todd Winkler is another one of our highly professional editors at online-gambling.com. The expert has been part of our team for 6 years, during which time he contributed articles regarding poker, blackjack, and DFS. Winkler is also knowledgeable about New Zealand's legal gambling market.

• Twitter
• Email

More About Todd Winkler

Last updated: May 24, 2023

Joseph Garrison, an 18-year-old Madison, Wisconsin man, is presently facing federal criminal accusations for his role in a cybercrime scam involving the sale of DraftKings betting accounts. Garrison and his associates are accused of stealing $600,000 from around 1,600 of these accounts.

Garrison turned himself into the FBI in New York and was due to appear in front of US Magistrate Judge James Cott. While DraftKings was not particularly identified in the news release issued by the US Attorney for the Southern District of New York, the gaming business stated that it had been the victim of a credential-stuffing attempt in November.

Account IDs, email addresses, and password combinations are obtained in credential-stuffing attacks and sold on the dark web. Garrison and his associates are said to have successfully accessed 60,000 DraftKings client accounts.

Cybercriminals Exploit Credential-Stuffing Attack to Drain Funds

According to the statement, in certain circumstances, the unauthorized individuals were successful in adding a new payment method to the victim’s account, inputting $5 to validate the method, and then removing all monies from the account using the newly added payment method. As a result, the victims’ monies were stolen.

During a search of Garrison’s residence in February, evidence of computer programs utilized for this type of cybercrime was located. DraftKings first minimized the scope of the cyber breach, claiming that it affected less than $300,000 in client cash. However, according to a complaint with the Maine Attorney General’s office in December 2022, the hack affected 68,000 accounts.

Customers were told that extremely sensitive information such as bank account numbers, driver’s license numbers, and Social Security numbers were not accessed. However, it is suspected that the cybercriminals gained clients’ names, addresses, phone numbers, email addresses, payment card last four digits, account activity, and the date of their most recent password change.

Cybercriminals Exploit Credential-Stuffing Attack to Drain Funds

Garrison is charged with computer intrusion conspiracy, unlawful access to a protected computer with the purpose to conduct fraud, unauthorized access to a protected computer, wire fraud conspiracy, wire fraud, and aggravated identity theft. He might face lengthy jail sentences if convicted.

Law enforcement investigators confiscated Garrison’s cell phone during a search of his home, which revealed proof of his connection with other cyber criminals as well as indicators of his pleasure for fraud and financial advantages. The prosecution will be led by Assistant U.S. Attorneys Kevin Mead and Micah Fergenson, who will work in the US Attorney’s Complex Frauds and Cybercrime Unit.

In the last few years, cybercrime involving the theft of personal information and financial fraud has been a major threat. Sportsbooks and casinos make easy targets due to the nature of their businesses.

The story of Joseph Garrison and his involvement in a cybercrime scam targeting DraftKings betting accounts demonstrates the seriousness and sophistication of such illegal acts. The fact that Garrison and his associates were able to drain $600,000 from about 1,600 accounts is concerning and emphasizes the importance of strong cybersecurity safeguards. In addition, more awareness should be spread regarding cybersecurity and how people can protect themselves and their data on the internet.