A 21-year-old California man has pleaded guilty to hacking Nintendo’s servers multiple times since 2016, using phishing techniques to gain early access to information about the company’s plans.
Ryan S. Hernandez, who went by RyanRocks online, worked with an unnamed associate to phish employee login credentials for proprietary Nintendo servers, according to an indictment filed in Washington state federal court in December and unsealed over the weekend. Hernandez used that unauthorized access to “download thousands of files, including proprietary developer tools and non-public information” about upcoming Nintendo products and “access pirated and unreleased video games.”
That information (and discussion of Nintendo’s internal server vulnerabilities) was leaked to the public via Twitter, Discord, and a chat room called “Ryan’s Underground Hangout,” prosecutors said. At one point, “RyanRocks” drew at least a little infamy in the Nintendo hacking community for allegedly leaking a Nintendo Software Development Kit that had a piece of hidden Remote Access Tool malware added to it.
FBI agents confronted Hernandez about his hacking in 2017, according to a prosecution press release, and secured a promise from Hernandez “to stop any further malicious activity.” But the hacking continued in 2018 and 2019, according to the indictment, until a June 2019 FBI raid that obtained hard drives with thousands of proprietary Nintendo files. The seized hard drives also included sexually explicit images of minors in a folder labeled “BAD STUFF,” according to prosecutors.
Hernandez has agreed to pay almost $260,000 to Nintendo as part of a plea agreement. Prosecutors are recommending a jail term of three years for Hernandez’s crimes when sentencing is decided in April.