Nathan Austad has been sentenced to 18 months in prison for his role in a 2022 credential-stuffing attack on DraftKings, which compromised approximately 1,600 accounts and resulted in the theft of $600,0001. The attack involved using stolen usernames and passwords from other breaches to gain unauthorized access to DraftKings accounts. Austad also operated a website that sold compromised accounts, further exacerbating the issue. In addition to his prison sentence, Austad must pay $1.8 million in restitution and forfeiture and will face three years of supervised release. This case highlights the importance of robust account security measures, such as multi-factor authentication, to prevent credential-stuffing attacks. So what matters to practitioners is that this incident demonstrates the severe consequences of failing to protect user accounts, making it essential to prioritize security measures to prevent similar breaches.