We store cookies, you can get more info from our privacy policy.

Spanish Man Arrested for Leaking Nintendo User Data

by Karlie Yeung - February 15, 2011, 5:55 pm EST
Total comments: 11 Source: http://www.bbc.co.uk/news/technology-12456922

The stolen data was allegedly used in an attempt to blackmail Nintendo.

An unnamed man in Malaga, Spain was arrested for leaking stolen user data from Nintendo owners. It is unknown whether the data came from Nintendo's systems or a third party.

According to the Interior Ministry of Spain, the man obtained data on 4,000 Nintendo users and threatened Nintendo with a negligence report to Spain's data protection agency. When Nintendo did not respond, he began the data leak and intended to put the full user database online.

Nintendo could not give a comment on the situation due to the active investigation.

Talkback

King of TwitchFebruary 15, 2011

Idiot.

TJ SpykeFebruary 15, 2011

Wait, so he somehow (probably illegally) obtained private data from Nintendo and thought Nintendo would get in trouble? Wouldn't this be like stealing credit card data from a company and then threatening to go to the police with it? if anything, he would have been the one getting in trouble if he had reported it.

Or to sum it up, what Frodo said.

UncleBobRichard Cook, Guest ContributorFebruary 16, 2011

Woah, woah, woah... this isn't quite the story I heard...

My understanding is that the guy "hacked" their site by simply replacing the "www" part of the URL with "admin" - and it logged him into their site, without requiring any kind of password or authentication.

Supposedly, he contacted Nintendo multiple times - and the issue was never fixed or addressed.  Then, apparently, he "leaked" the initials of one individual on a forum (I assume to prove he wasn't making it up).

Read much more about it here: http://www.alertboot.com/blog/blogs/endpoint_security/archive/2011/02/15/data-encryption-software-promotional-nintendo-3ds-site-hacked-nintendo-being-investigated-for-data-breach-in-spain.aspx

TJ SpykeFebruary 16, 2011

Whichever side is true, he still tried to blackmail Nintendo.

Quote from: TJ

Whichever side is true, he still tried to blackmail Nintendo.

That depends on the definition under Spanish law. For instance, US law stipulates that the person "demands or receives any money or other valuable thing."

UncleBobRichard Cook, Guest ContributorFebruary 16, 2011

Quote from: TJ

Whichever side is true, he still tried to blackmail Nintendo.

He told Nintendo what the problem was, why it was such a problem, and how to fix it (while asking for a job).  I don't think that's blackmail.

TJ SpykeFebruary 16, 2011

Threatening to contact authorities if they didn't contact him first is suspicious (it depends on what he wanted).

ShyGuyFebruary 16, 2011

This is how you trace the purchase history of Nintendo hardware, isn't it UncleBob?

oohhboyHong Hang Ho, Staff AlumnusFebruary 16, 2011

That was damn informative Unclebob. While both sides were idiotic, Nintendo bear the greater responsibility for such a ridiculous breach in security given the amount of trust placed. Through incompetence or embarrassment, who ever received the e-mail over at Nintendo dealt with it poorly by trying to sweep it under the rug. The rubbish e-mail sent to Nintendo didn't help matters, along with the dude's decision to go on-line to debate the moral implications.

He had 5 options.

1. Do nothing. Effectively removes most of the liability on his part assuming he literally does nothing and holds none of the data. Nintendo and the users people run the risk of massive damage from someone far more unscrupulous and competent.

2. Go straight to the authorities. Given the the size of Nintendo, it would no doubt cause a scandal. Most damaging to Nintendo. Users get protected. Dude walks.

3. Talk to Nintendo without implying potential reward/blackmail. Had the potential for the best outcome for all involved. Nintendo get to fix the issue quietly. Dude gets tossed a 3DS on launch and/or clear conscience. Requires competence on both sides.

4. Blackmail Nintendo for real.

5. Sell the info.

He chose option 6 which is option 3 with everybody falling over each other to fuck up the most. Dude goes to court. Nintendo gets a scandal and real hackers of lesser scruples are no doubt having a real go at them now. Heads roll.

Chozo GhostFebruary 16, 2011

Too bad the Spanish inquisition no longer exists. They would have known how to deal with this lowlife.

King of TwitchFebruary 16, 2011

Why are hackers such stupid people? He could've done option 4: Drop the friend codes, give us Earthbound VC and nobody gets hurt. Win-win.

Got a news tip? Send it in!
Advertisement
Advertisement