A 21-year-old California man pleaded guilty to hacking into Nintendo servers multiple times since 2016, using phishing techniques to gain early access to information about the company’s plans.
Ryan S. Hernandez, who frequented RyanRocks online, teamed up with an unnamed employee to phishing employee credentials for Nintendo’s own servers, according to a lawsuit filed in Washington federal court in December and released over the weekend. was unlocked. Hernandez used that unauthorized access to “download thousands of files, including proprietary developer tools and non-public information” about upcoming Nintendo products and “access illegal and unreleased video games.”
That information (and discussion of Nintendo’s internal server vulnerabilities) was leaked to the public via Twitter, Discord and a chat room called “Ryan’s Underground Hangout,” prosecutors said. At one point, “RyanRocks” drew at least a bit of infamy in the Nintendo hacking community for allegedly leaking a Nintendo Software Development Kit that had a piece of hidden Remote Access Tool malware added to it.
FBI agents confronted Hernandez about his hacking in 2017, according to a prosecution press release, and received a promise from Hernandez “to stop further malicious activity.” But the hacking continued in 2018 and 2019, according to the indictment, until an FBI raid in June 2019 obtained hard drives containing thousands of Nintendo files of their own. The seized hard drives also contained sexually explicit images of minors in a folder labeled “BAD STUFF,” according to prosecutors.
Hernandez has agreed to pay Nintendo nearly $260,000 as part of a plea deal. Prosecutors are recommending a three-year prison term for Hernandez’s crimes, when the sentence is decided in April.