Nintendo Hacker's Sentence: 3 Years in PrisonProsecutors Say Ryan Hernandez Used Phishing Emails to Steal Confidential Data
A 21-year-old California man who pleaded guilty to repeatedly hacking gaming company Nintendo to steal confidential data has been sentenced to serve three years in federal prison, the U.S. Justice Department announced.
Ryan Hernandez of Palmdale, California, pleaded guilty to federal hacking charges as well as possession of child pornography in January after FBI agents found images on computers seized during the 2019 investigation (see: California Man Pleads Guilty to Hacking Nintendo).
In addition to the prison term, Hernandez is required to pay $259,323 in restitution to Nintendo for remediation costs. The court also ordered Hernandez to be placed on seven years’ supervised release following prison and required him to be registered as a sex offender.
Starting in 2016, when he was still a minor, Hernandez made attempts to hack into Nintendo servers using phishing techniques to steal the credentials of company employees, according to the Justice Department.
At one point, Hernandez leaked information about the anticipated Nintendo Switch console. In 2017, FBI agents confronted Hernandez at his parents' home, and he agreed to stop hacking Nintendo in exchange for federal authorities not pressing charges, according to court documents.
Between June 2018 and June 2019, federal prosecutors say, Hernandez returned to hacking Nintendo, including the portal of the company's developer, in an attempt to steal additional company data and developer tools.
"Hernandez returned to his malicious activities, hacking into multiple Nintendo servers and stealing confidential information about various popular video games, gaming consoles and developer tools," prosecutors say.
At the same time, Hernandez began discussing his hacking of Nintendo on social media platforms, including Twitter, as well as on an online chat forum called "Ryan's Underground Hangout," where he posted details about the hacks as well as vulnerabilities in Nintendo's systems, according to the Justice Department.
In June 2019, FBI agents raided Hernandez's home and seized computers and other hardware, including an Apple MacBook, a Seagate hard disk drive and several Nintendo devices, on which they found thousands of confidential Nintendo documents as well as images of minors contained in a file labeled "Bad Stuff," prosecutors say.
Nintendo a Target
Over the years, Nintendo has proven to be a tempting target for hackers.
In April 2019, two U.K. citizens were given suspended sentences for compromising the corporate networks of Microsoft and Nintendo (see: Hacker Who Hit Microsoft and Nintendo: Suspended Sentence).
Between 2017 and 2018, Zammis Clark, a former security researcher at Malwarebytes, and his accomplice, Thomas Hounsell, breached the two companies' networks to steal in-development software and other sensitive information, which resulted in total damages of about $4 million, according to British law enforcement officials.
Clark hacked into corporate Nintendo servers using VPN access to compromise the network security, authorities say. Once in, he accessed "highly confidential game development" that contained development code meant for then-unreleased games. He then went on to steal 2,365 usernames and passwords from Nintendo's servers and continued his efforts until Nintendo finally discovered the breach in May 2018, U.K. authorities say.