DraftKings Account Reseller Gets Prison Term in Credential Stuffing Case

A U.S. federal court has sentenced Kamerin Stokes to 30 months in prison. He was reselling access to compromised betting accounts.

Kamerin Stokes, a 23-year-old from Memphis, Tennessee, was sentenced in the Southern District of New York after pleading guilty to conspiracy to commit computer intrusion. According to prosecutors, Stokes used the alias “TheMFNPlug” to sell access to compromised accounts on a fantasy sports and betting platform. Cybersecurity news coverage has identified the targeted betting operator as DraftKings.

Sentence Adds a Clear Cost to Account Trafficking

The sentence includes 30 months in federal prison, three years of supervised release, $1.33 million in restitution, and $125,965.53 in forfeiture. The case was handled by the Southern District of New York’s Complex Frauds and Cybercrime Unit.

How the Attack Reached Thousands of Accounts

The core attack occurred in November 2022. According to prosecutors, the perpetrators used credential stuffing: taking login credentials exposed in earlier data breaches and trying them against other web services. It often works because users reuse passwords.

Investigators found that the attackers gained access to 60,000 accounts. In certain cases, they added a new payment method and made a $5 deposit as verification. They would then drain the rest of the funds from the victim's account.

Stokes Bought Access in Bulk and Resold It

Stokes was not described as the sole person responsible for the initial breach. As the case files show, his involvement was closer to distribution. The prosecutors indicated that Stokes purchased the compromised accounts in bulk and then sold them through his own online shop.

The accounts he obtained for resale had a listed value of more than $125,000. This suggests that the market for account information was not limited to passwords alone. In this case, the stores were selling access with a clear financial goal, since the accounts could still be drained before the operator closed the loophole.

Reopened Shop Hurt His Position

One of the more unusual turns in the case came after Stokes had already pleaded guilty. According to prosecutors, he attempted to reopen a shop offering access to hijacked retail accounts. Stokes used the slogan “fraud is fun” and said he needed money to cover attorney costs. This led to his re-arrest for violating the conditions of his pre-trial release.

Bottom Line

The takeaway for operators is that credential stuffing is not just a login problem. Once accounts are compromised, a separate resale chain emerges quickly, with sellers, buyers, instructions, and price lists. Password screening, risk scoring, withdrawal scrutiny, and payment methods all matter, since the fraud often occurs after the initial login succeeds.
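
The post-login sequence described in the attack section (a new payment method, a small verification deposit, then a withdrawal) is the kind of pattern withdrawal scrutiny can key on. The rule below is an added example, not code from the operator or the case file; the event names, the 24-hour window, and the $10 deposit ceiling are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data):
# (account, ISO timestamp, event type, amount in USD)
EVENTS = [
    ("acct-1001", "2022-11-18T03:10:00", "login", 0.0),
    ("acct-1001", "2022-11-18T03:12:00", "payment_method_added", 0.0),
    ("acct-1001", "2022-11-18T03:13:00", "deposit", 5.00),
    ("acct-1001", "2022-11-18T03:20:00", "withdrawal", 480.00),
    ("acct-2002", "2022-11-18T09:00:00", "login", 0.0),
    ("acct-2002", "2022-11-18T09:05:00", "deposit", 50.00),
    ("acct-2002", "2022-11-20T18:30:00", "withdrawal", 75.00),
    ("acct-3003", "2022-11-01T12:00:00", "payment_method_added", 0.0),
    ("acct-3003", "2022-11-01T12:01:00", "deposit", 5.00),
    ("acct-3003", "2022-11-19T12:00:00", "withdrawal", 200.00),
]

WINDOW = timedelta(hours=24)   # assumed review window after a new payment method
SMALL_DEPOSIT = 10.00          # assumed ceiling for a "verification" deposit


def flag_withdrawals(events, window=WINDOW, small_deposit=SMALL_DEPOSIT):
    """Return (account, timestamp, amount) for withdrawals that follow a newly
    added payment method and a small deposit on the same account within `window`."""
    state = {}    # account -> {"added": datetime | None, "verified": datetime | None}
    flagged = []
    # Uniform ISO-8601 strings sort chronologically.
    for account, ts, kind, amount in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        s = state.setdefault(account, {"added": None, "verified": None})
        if kind == "payment_method_added":
            s["added"], s["verified"] = when, None
        elif kind == "deposit":
            # Only a small deposit made shortly after the new method counts.
            if s["added"] and amount <= small_deposit and when - s["added"] <= window:
                s["verified"] = when
        elif kind == "withdrawal":
            # Hold the withdrawal only while the new method is still inside the window.
            if s["verified"] and when - s["added"] <= window:
                flagged.append((account, ts, amount))
    return flagged


if __name__ == "__main__":
    for hit in flag_withdrawals(EVENTS):
        print("hold for review:", hit)
```

An account whose payment method was added weeks earlier (acct-3003 in the sample) is not held, which keeps the rule from flagging long-standing customers.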
