Remember our post from November “Not using Multi-Factor Authentication (MFA) is a bad bet,” which covered the credential stuffing attack launched against DraftKings? It turns out both the FBI and Joseph Garrison remember the incident. The Department of Justice just charged Garrison with compromising 1,600 accounts and stealing $800,000.

When the FBI searched his residence, they found computers loaded with credential stuffing tools OpenBullet and SilverBullet. They also discovered lists of over 38 million usernames and passwords he’d been feeding into the tools to see if anyone was guilty of password reuse.

While going through his phone, the FBI found additional evidence implicating Garrison, including these:

Here’s the “Method “for liquidating the accounts once compromised:

Takeaways:

• Don’t reuse passwords.

• Enable multifactor authentication. If you don’t, someone else might.

• If you are working on the other side of the fence, secure encrypted communications might be something to consider.

Source: Department of Justice

Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.