Austad, 21, of Farmington, Minnesota, admitted in court to participating in a scheme that used a credential stuffing attack to compromise a large number of user accounts on an unnamed betting website. Credential stuffing involves using username and password combinations leaked from a past data breach to gain unauthorized access to accounts on different, unrelated websites, relying on the fact that many users reuse their login details.
Austad and his co-conspirators successfully compromised over 60,000 user accounts. The hackers then added new payment methods to these compromised accounts and proceeded to steal approximately $600,000 in total from about 1,600 of those victims. In addition to directly stealing funds, the hackers also sold access to the compromised user accounts through various online marketplaces.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
Austad personally controlled one of these online shops that sold account access. He also managed cryptocurrency accounts that received roughly $465,000 worth of virtual assets, which included proceeds generated from this illegal scheme. Court documents also indicated that Austad communicated with his co-conspirators about the existence of an ongoing investigation into their hacking campaign.
Austad pleaded guilty to computer intrusion conspiracy and faces a potential sentence of up to five years in federal prison. Although the impacted betting website was not officially named in the court documents, the details strongly suggest it was DraftKings, which reported that approximately 68,000 user accounts were compromised in a credential stuffing attack in November 2022.
Two other individuals were previously arrested and indicted in connection with these same hacks: Joseph Garrison and Kamerin Stokes. Garrison pleaded guilty in November 2023 and received a sentence of 18 months in prison in early 2024, and Stokes also pleaded guilty in April 2024. More recently, in October 2025, DraftKings issued a new warning to its users about another wave of credential stuffing attacks targeting their accounts.