A federal court in the Southern District of New York has sentenced 23-year-old Kameron Stokes from Memphis, Tennessee, known as TheMFNPlug, to 30 months in federal prison for reselling access to hacked accounts of DraftKings.
In addition to his prison sentence, Stokes received three years of supervised release and is required to pay $1.32 million in restitution to DraftKings and $126,000 in forfeiture.
According to prosecutors, in November 2022, hackers Nathan Ostad and Joseph Garrison conducted a massive attack on DraftKings using stolen credentials, compromising approximately 68,000 accounts. About $635,000 was stolen from 1,600 of these accounts. Ostad and Garrison sold some of the access in bulk to Stokes, who then resold them through his website themfnplug.io, while others were sold through their own sites.
In addition to DraftKings, the hackers also targeted FanDuel and the Chick-fil-A restaurant chain, collectively earning over $2.1 million from the sales of access to accounts from all three companies.
After pleading guilty and being released on bail, Stokes launched a new website with the slogan 'fraud is fun,' continuing to trade in stolen accounts to pay for his lawyers, which led to his re-arrest. Stokes admitted that he had been running similar resale websites for stolen accounts for three years.