November 2022 betting-website credential-stuffing campaign
Campaign
Summary
Hide ▲
Show ▼
The November 2022 credential-stuffing campaign against a betting platform compromised more than 60,000 accounts and drove about $600,000 in theft from affected customers. Attackers used stolen login credentials to access user accounts, add payment methods, and empty balances. The operation also fed a market for compromised-account resale, indicating an organized fraud pipeline rather than a one-off intrusion.
Related Happenings
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
CampaignAbout this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Kamerin Stokes sentenced for DraftKings account-selling scheme
Law Enforcement
First: 17.04.2026 10:10
Last: 17.04.2026 10:10
Sources 1
How related:
Two other individuals tied to that breach, Joseph Garrison and Kamerin Stokes, have already pleaded guilty.
About this happening:
**Kamerin Stokes** was **sentenced to 30 months in prison** for selling access to **tens of thousands of hacked DraftKings accounts**, closing a federal **cybercrime** case that a...
Kamerin Stokes sentenced for DraftKings account-selling scheme
Law EnforcementHow related: Two other individuals tied to that breach, Joseph Garrison and Kamerin Stokes, have already pleaded guilty.
About this happening: **Kamerin Stokes** was **sentenced to 30 months in prison** for selling access to **tens of thousands of hacked DraftKings accounts**, closing a federal **cybercrime** case that a...
DraftKings hit by network compromise
Incident
First: 17.04.2026 10:10
Last: 17.04.2026 10:10
Sources 1
About this happening:
**DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
DraftKings hit by network compromise
IncidentAbout this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
Amitoj Kapoor and Siddharth Lillaney federal arrest and indictment for online gambling fraud
Law Enforcement
First: 09.02.2026 13:41
Last: 09.02.2026 13:41
Sources 1
About this happening:
**Amitoj Kapoor** and **Siddharth Lillaney** were **arrested and indicted** in a federal **online gambling fraud** case, escalating their exposure over an alleged **$3 million** s...
Amitoj Kapoor and Siddharth Lillaney federal arrest and indictment for online gambling fraud
Law EnforcementAbout this happening: **Amitoj Kapoor** and **Siddharth Lillaney** were **arrested and indicted** in a federal **online gambling fraud** case, escalating their exposure over an alleged **$3 million** s...
DraftKings credential stuffing campaign targeting customer accounts
Campaign
First: 07.10.2025 22:09
Last: 07.10.2025 22:09
Sources 1
About this happening:
A **DraftKings** credential-stuffing campaign put an **undisclosed number of customer accounts** at risk and triggered breach notices. Attackers used **stolen username/password pa...
DraftKings credential stuffing campaign targeting customer accounts
CampaignAbout this happening: A **DraftKings** credential-stuffing campaign put an **undisclosed number of customer accounts** at risk and triggered breach notices. Attackers used **stolen username/password pa...
Timeline
-
15.12.2025 18:45 2 articles · 5mo ago
November 2022 betting-website credential-stuffing campaign
Initial DisclosureIn **November 2022**, attackers began testing **stolen credential pairs** against the betting platform to find reused passwords. Successful logins were then used to take over accounts and monetize the access.
Show sources
- Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case — www.infosecurity-magazine.com — 15.12.2025 18:45
- Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case — www.infosecurity-magazine.com — 15.12.2025 18:45