BBC: Spanish police arrest blackmailing Nintendo hacker [update]

According to a report from BBC News, Spanish police recently arrested a man in the southern province of Malaga who illicitly obtained personal information on over 4,000 "Nintendo users" -- assumedly gamers who made purchases on the Wii and DSi Stores. The man reportedly warned Nintendo that he would contact the country's data protection agency and reveal the gaps in Nintendo's defenses -- though it's unclear whether the info was obtained directly through Nintendo or a third-party source. After Nintendo failed to respond to him, he reportedly began to leak the info onto the internet.

We've contacted Nintendo for a comment on the BBC report, but don't have our fingers crossed as this is still an ongoing investigation. Maybe we should contact this incarcerated hacker to get Nintendo's comment, since he's apparently capable of getting all up in their infos.

Update: According to a report on El Mundo, the hacked data in question didn't come from one of the console-based services, but a website for upcoming 3DS preview events. ElOtroLado user adan_gecko discovered a vulnerability allowing any user to see or even modify the list of people who signed up for more information. He said that he reported this vulnerability to Nintendo, and this appears to be the infraction in question. Thanks to Elideb for the extra information.

Reader Comments (19)

"I award you no Wii points, and may God have mercy on your soul."

ouch for Nintendo

@echerringtonYAHOOCOM

But I hope they get him. "4,000 Nintendo users" sheesh

@echerringtonYAHOOCOM

That's like their entire user-base! (hah, is joke)

"Spanish police", my ass! This reminds me of the opening scenes in Quantum of Solace.

Reggie: The first thing you should know about us is... we have people everywhere.

That's not nice.

I don't get this... having a security flaw is one thing, but punishing your fellow gamers because "the man" isn't listening to you kinda defeats the whole point, doesn't it?

¿QUÉ?

HEY JOYSTIQ WHERE ARRRR THE BABY
PIRATES FOR THIS STORY?????

@Adhesive

I think those baby pirates steal games only. Since they probably can't read, "4,000 Nintendo user" infos will be useless to their plundering.

I wish this report didn't come from AFP or AP - though linked to the BBC, it's briefness indicates indicates that this was performed by a poor desk-bound reporter at some 'copy factory'. Not nearly enough information, you know.

Nintendo and online; it's just embarrassing. Maybe this is simply the action of a trusted partner, former or present; say a developer or a publisher or an employee of Nintendo Europe. Or maybe some clever clogs might have compromised network security, or whatnot. But compromise occurs only where there is slackness, and given the woeful state of Nintendo online...I don't know.

Part of me feels like that, unless the Spaniard was demanding capital, he should be released without charge. The onus should be on the protectorate of information, in this case Nintendo, and not the compromiser - or leaker.

@Nigeria

Also: "4,000 "Nintendo users";

[A, B, ... n] or [A-Z];

IT sucks to be that guy because nintendo does not mess around with pirates and he will probably long time paying off this stunt

Modern day hero in the making here folks.

nintendo online sucks anyway

and it really shouldnt

i want a new rogue squadron....

Situations like this is why Nintendo is frightened of the internet. Clearly.

I don't get it... so he hacks nintendo and then threatens to give the data to the government? What was he hoping the government would do, besides start searching for him? I'm pretty sure just sending the information to Nintendo would convince them to upgrade their security

@KaBob799

The problem is that this story is not that true. These days Nintendo is carrying out an event to test the Nintendo 3DS before its launch date. You must register on a website (pruebayveras.com) first to test the console. The "hacker" tried to put "admin.pruebayveras.com" on his internet browser and the 4k user data appeared on his computer screen. No login or password was required. This user emailed Nintendo to tell him the situation and "threatened" to denounce them to the Spanish Agency for Data Protection. Nintendo never answered him, but they said to the media that a "hacker" had stole the data and was threatening them.

The full story is in this web (the "hacker" is user from this web): http://www.elotrolado.net/noticia_la-verdad-sobre-el-supuesto-robo-de-datos-y-chantaje-a-nintendo-actualizado_18733

So what do we learn boys and girls?

When you find that huge vulnerability by mistake, don't warn the company, just stick it straight on 4chan. Saves you being kicked in the teeth for being a good guy.

BBC: Spanish police arrest blackmailing Nintendo hacker [update]

Reader Comments (19)

Posted: Feb 15th 2011 11:00AM onan said

Posted: Feb 15th 2011 11:03AM echerringtonYAHOOCOM said

Posted: Feb 15th 2011 11:05AM echerringtonYAHOOCOM said

Posted: Feb 15th 2011 11:47AM DekuTree said

Posted: Feb 15th 2011 11:06AM A Sandwich said

Posted: Feb 15th 2011 11:07AM VeeDeeVee said

Posted: Feb 15th 2011 11:21AM Shockwave said

Posted: Feb 15th 2011 11:22AM CaptainProtonX said

Posted: Feb 15th 2011 11:56AM Adhesive said

Posted: Feb 15th 2011 12:02PM Marco le Polo said

Posted: Feb 15th 2011 12:02PM Nigeria said

Posted: Feb 15th 2011 12:03PM Nigeria said

Posted: Feb 15th 2011 12:02PM Retrofraction said

Posted: Feb 15th 2011 12:58PM BigEgo007 said

Posted: Feb 15th 2011 1:08PM DrunkFux said

Posted: Feb 15th 2011 1:28PM thisredengine said

Posted: Feb 15th 2011 2:16PM KaBob799 said

Posted: Feb 15th 2011 4:07PM BigN said

Posted: Mar 13th 2011 9:10AM (Unverified) said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Super Joystiq Podcast 004: 38 Studios meltdown, Gravity Rush, Civilization 5: Gods & Kings, Dragon's Dogma

Engadget

TUAW

Massively

WoW