Topic: Spanish Man Arrested for Leaking Nintendo User Data

[NWR_Karlie]

The stolen data was allegedly used in an attempt to blackmail Nintendo.

http://www.nintendoworldreport.com/news/25388

An unnamed man in Malaga, Spain was arrested for leaking stolen user data from Nintendo owners. It is unknown whether the data came from Nintendo's systems or a third party.

According to the Interior Ministry of Spain, the man obtained data on 4,000 Nintendo users and threatened Nintendo with a negligence report to Spain's data protection agency. When Nintendo did not respond, he began the data leak and intended to put the full user database online.

Nintendo could not give a comment on the situation due to the active investigation.

[King of Twitch]

Idiot.

[TJ Spyke]

Wait, so he somehow (probably illegally) obtained private data from Nintendo and thought Nintendo would get in trouble? Wouldn't this be like stealing credit card data from a company and then threatening to go to the police with it? if anything, he would have been the one getting in trouble if he had reported it.

Or to sum it up, what Frodo said.

[UncleBob]

Woah, woah, woah... this isn't quite the story I heard...

My understanding is that the guy "hacked" their site by simply replacing the "www" part of the URL with "admin" - and it logged him into their site, without requiring any kind of password or authentication.

Supposedly, he contacted Nintendo multiple times - and the issue was never fixed or addressed.  Then, apparently, he "leaked" the initials of one individual on a forum (I assume to prove he wasn't making it up).

Read much more about it here: http://www.alertboot.com/blog/blogs/endpoint_security/archive/2011/02/15/data-encryption-software-promotional-nintendo-3ds-site-hacked-nintendo-being-investigated-for-data-breach-in-spain.aspx

[TJ Spyke]

Whichever side is true, he still tried to blackmail Nintendo.

[MegaByte]

Whichever side is true, he still tried to blackmail Nintendo.

That depends on the definition under Spanish law. For instance, US law stipulates that the person "demands or receives any money or other valuable thing."

[UncleBob]

Whichever side is true, he still tried to blackmail Nintendo.

He told Nintendo what the problem was, why it was such a problem, and how to fix it (while asking for a job).  I don't think that's blackmail.

[TJ Spyke]

Threatening to contact authorities if they didn't contact him first is suspicious (it depends on what he wanted).

[ShyGuy]

This is how you trace the purchase history of Nintendo hardware, isn't it UncleBob?

[oohhboy]

That was damn informative Unclebob. While both sides were idiotic, Nintendo bear the greater responsibility for such a ridiculous breach in security given the amount of trust placed. Through incompetence or embarrassment, who ever received the e-mail over at Nintendo dealt with it poorly by trying to sweep it under the rug. The rubbish e-mail sent to Nintendo didn't help matters, along with the dude's decision to go on-line to debate the moral implications.

He had 5 options.

1. Do nothing. Effectively removes most of the liability on his part assuming he literally does nothing and holds none of the data. Nintendo and the users people run the risk of massive damage from someone far more unscrupulous and competent.

2. Go straight to the authorities. Given the the size of Nintendo, it would no doubt cause a scandal. Most damaging to Nintendo. Users get protected. Dude walks.

3. Talk to Nintendo without implying potential reward/blackmail. Had the potential for the best outcome for all involved. Nintendo get to fix the issue quietly. Dude gets tossed a 3DS on launch and/or clear conscience. Requires competence on both sides.

4. Blackmail Nintendo for real.

5. Sell the info.

He chose option 6 which is option 3 with everybody falling over each other to **** up the most. Dude goes to court. Nintendo gets a scandal and real hackers of lesser scruples are no doubt having a real go at them now. Heads roll.

[Chozo Ghost]

Too bad the Spanish inquisition no longer exists. They would have known how to deal with this lowlife.

[King of Twitch]

Why are hackers such stupid people? He could've done option 4: Drop the friend codes, give us Earthbound VC and nobody gets hurt. Win-win.