DraftKings Hacker 'Snoopy' Gets 18 Months in Prison

Robert Moore · 2026-06-24

In November 2022, DraftKings users woke up to a nightmare. Over $300,000 was stolen from their accounts in a coordinated cyberattack. Now, one of the hackers has been sentenced. A 21-year-old known by the alias "Snoopy" was handed an 18-month prison sentence for his role in the breach. It's a stark reminder that even the biggest platforms can be vulnerable. But how did this happen, and what can you learn from it? Let's break it down. ### The Attack: How Did They Pull It Off? The hackers didn't use some genius, never-before-seen exploit. They used a technique called credential stuffing. That's where attackers take usernames and passwords leaked from other sites and try them on a new platform. Since many people reuse passwords, it's shockingly effective. In this case, the hackers accessed around 60,000 DraftKings accounts. They then changed the two-factor authentication settings to lock the real owners out. Once inside, they drained funds and cashed out through third-party payment services. The whole thing happened fast. By the time users noticed, the money was gone. ### The Sentence: Justice Served? Snoopy, whose real name is Joseph Garrison, was sentenced in a federal court. He'll serve 18 months in prison, followed by three years of supervised release. He also has to pay restitution—roughly $300,000—to the victims. But here's the thing: Garrison was just one piece of a larger operation. Prosecutors say he worked with a group of international hackers who remain unidentified. So while this sentence is a win for law enforcement, it doesn't close the case. The message is clear: cybercrime has real consequences. But for victims, the money might never come back. ### Why Antidetect Browsers Matter Here This is where the story gets interesting for our audience. The hackers likely used antidetect browsers to cover their tracks. These tools allow users to create multiple digital identities. They can spoof browser fingerprints, IP addresses, and device settings. For legitimate professionals—like marketers or privacy advocates—antidetect browsers are essential for managing multiple accounts without getting flagged. But they're also a double-edged sword. In the wrong hands, they make it harder for authorities to trace criminal activity. That's why the best antidetect browsers now include features to prevent abuse. They require identity verification and limit certain actions. It's a constant cat-and-mouse game between security teams and bad actors. ### What This Means for You If you're a professional using antidetect browsers, this case is a wake-up call. First, never assume your accounts are safe just because you use strong passwords. Enable two-factor authentication on every service that offers it. Use an authenticator app, not SMS, since SIM swapping is a real threat. Second, monitor your accounts regularly. Set up alerts for any login attempts or changes to security settings. Third, consider using a dedicated antidetect browser for high-value accounts. The best antidetect browsers offer advanced protection like keystroke randomization and session isolation. They make it much harder for hackers to mimic your digital footprint. ### The Bigger Picture: Online Security in 2025 This attack happened in 2022, but its lessons are more relevant than ever. Credential stuffing is on the rise. According to recent reports, it accounts for over 30% of all web application attacks. And with AI tools, hackers can automate the process at scale. The average person now has over 100 online accounts. That's 100 potential entry points. The solution isn't just better passwords—it's better habits. Use a password manager. Create unique, complex passwords for every site. And never, ever reuse credentials across platforms. For professionals in the antidetect browser space, this is your chance to lead by example. Show your clients that security isn't a feature—it's a mindset. - Always use unique passwords for every account. - Enable two-factor authentication with an authenticator app. - Monitor account activity for suspicious logins. - Choose an antidetect browser with built-in security features. - Educate your team about credential stuffing risks. ### Final Thoughts The DraftKings hack was a wake-up call for the entire industry. It showed that no platform is immune, and that even simple attacks can cause massive damage. For Joseph Garrison, the price was 18 months of his life. For the victims, it was financial loss and frustration. But for you, it's a chance to learn. Stay vigilant. Use the right tools. And remember: the best defense is a proactive one. If you're serious about protecting your digital identity, invest in a quality antidetect browser. It's not just about anonymity—it's about control.