A 23-year-old hacker, Kamerin Stokes, has been sentenced to 30 months in prison for his involvement in a 2022 credential stuffing attack against DraftKings. Stokes, also known as TheMFNPlug, continued to sell stolen login credentials online even after pleading guilty to the charges. The court has ordered him to pay $1.3 million in restitution and $125,000 in forfeiture, in addition to serving a three-year supervised release. This sentence highlights the severe consequences of engaging in cybercrime activities, particularly those that involve the sale of stolen data. The financial impact of the breach is significant, with Stokes being ordered to pay over $1.4 million in fines and restitution1. This case serves as a reminder to practitioners of the importance of implementing robust security measures to prevent credential stuffing attacks and the severe penalties that can result from engaging in such activities.