Nintendo Blackmailer Caught

[Another World]

Nintendo Blackmailer Caught
Accused Nintendo of Negligence

A man accused of illegally obtaining user data was arrested in the southern province of Malaga. The man attempted to “blackmail” Nintendo by threatening to release the database of user information to the Internet. The personal information of more than 4,000 users was stolen and authorities are unsure where the theft began. Nintendo has yet to comment on the case as it is still an active and ongoing investigation.

 Source

 

[Ikki]

That was kinda fast.

 

[Joktan]

i have no idea why someone would want to blackmail nintendo...

 

[notmeanymore]

i have no idea why someone would want to blackmail nintendo...

Free 3DS? idk

 

[Creqaw]

The version I heard was, the "hacker" added admin in front of the url and he got admin access and did a database dump, then he called Nintendo to fix up their security, Nintendo didn't give a shit and did nothing and the guy wanted to sue Nintendo regarding something about privacy whatever and after leaking parts of the database to get Nintendo's attention, he got sued.

 

[El_Harto]

"by threatening to release the database of user information to the Internet."

This is false, he sent an email to nintendo notifying the fail on their website and then 'blackmailed' them by asking for something both of them could agreen in order for him to not make public their mistake and bring them to the law.


Sorry for my bad english.

 

[radorn]

GBAtemp, this news are incorrect, and it's just Nintendo's poisonous PR shit.
I'm amazed they are being such bastards with this.
This is what happened:
Nintendo opened a site www.pruebayveras.com to manage appointments for the 3DS events in Spain.
You go there and sign up for going to one of the events.
The poor guy found a security hole that the company that made the site had left that allowed any potential attacker that did the unbelievably complex procedure Django0 described to access all the users' data.
His first action was contacting Nintendo to tell them to fix it, telling them that if they didn't he'd file a claim to the official body of personal data protection of Spain, the Agencia Española de Proteccion de Datos https://www.agpd.es/portalwebAGPD/index-ides-idphp.php to take care of the issue.

Instead of thanking him, they decided that the best defense is a good attack, so they took the lead and (dis)informed police and media about an attack on their servers and the attacker blackmailing them which is complete bullshit.

Now the guy is arrested and Nintendo is playing victim.

I play nintendo's crap, but they are a bunch of bastards when it comes to legal crap and PR.

 

[Cuelhu]

GBAtemp, this news are incorrect, and it's just Nintendo's poisonous PR shit.
I'm amazed they are being such bastards with this.
This is what happened:
Nintendo opened a site www.pruebayveras.com to manage appointments for the 3DS events in Spain.
You go there and sign up for going to one of the events.
The poor guy found a security hole that the company that made the site had left that allowed any potential attacker that did the unbelievably complex procedure Django0 described to access all the users' data.
His first action was contacting Nintendo to tell them to fix it, telling them that if they didn't he'd file a claim to the official body of personal data protection of Spain, the Agencia Española de Proteccion de Datos https://www.agpd.es/portalwebAGPD/index-ides-idphp.php to take care of the issue.

Instead of thanking him, they decided that the best defense is a good attack, so they took the lead and (dis)informed police and media about an attack on their servers and the attacker blackmailing them which is complete bullshit.

Now the guy is arrested and Nintendo is playing victim.

I play nintendo's crap, but they are a bunch of bastards when it comes to legal crap and PR.

are you saying that they arrested him just because Nintendo "asked"? That's a problem with your justice. What proof they had to arrest him?

 

[iggloovortex]

the fact that he had gotten in was proof enough.
but nintendo really did fuck up
he was trying to fix the issue to prevent the security hole being exploited by others

 

[Greatforce]

If thats all, he has nothing to worry.

 

[FluffyLunamoth]

GBAtemp, this news are incorrect, and it's just Nintendo's poisonous PR shit.
I'm amazed they are being such bastards with this.
This is what happened:
Nintendo opened a site www.pruebayveras.com to manage appointments for the 3DS events in Spain.
You go there and sign up for going to one of the events.
The poor guy found a security hole that the company that made the site had left that allowed any potential attacker that did the unbelievably complex procedure Django0 described to access all the users' data.
His first action was contacting Nintendo to tell them to fix it, telling them that if they didn't he'd file a claim to the official body of personal data protection of Spain, the Agencia Española de Proteccion de Datos https://www.agpd.es/portalwebAGPD/index-ides-idphp.php to take care of the issue.

Instead of thanking him, they decided that the best defense is a good attack, so they took the lead and (dis)informed police and media about an attack on their servers and the attacker blackmailing them which is complete bullshit.

Now the guy is arrested and Nintendo is playing victim.

I play nintendo's crap, but they are a bunch of bastards when it comes to legal crap and PR.

are you saying that they arrested him just because Nintendo "asked"? That's a problem with your justice. What proof they had to arrest him?

Money can do wonders when you have a lot of it, my friend.

 

[golden]

GBAtemp, this news are incorrect, and it's just Nintendo's poisonous PR shit.
I'm amazed they are being such bastards with this.
This is what happened:
Nintendo opened a site www.pruebayveras.com to manage appointments for the 3DS events in Spain.
You go there and sign up for going to one of the events.
The poor guy found a security hole that the company that made the site had left that allowed any potential attacker that did the unbelievably complex procedure Django0 described to access all the users' data.
His first action was contacting Nintendo to tell them to fix it, telling them that if they didn't he'd file a claim to the official body of personal data protection of Spain, the Agencia Española de Proteccion de Datos https://www.agpd.es/portalwebAGPD/index-ides-idphp.php to take care of the issue.

Instead of thanking him, they decided that the best defense is a good attack, so they took the lead and (dis)informed police and media about an attack on their servers and the attacker blackmailing them which is complete bullshit.

Now the guy is arrested and Nintendo is playing victim.

I play nintendo's crap, but they are a bunch of bastards when it comes to legal crap and PR.

are you saying that they arrested him just because Nintendo "asked"? That's a problem with your justice. What proof they had to arrest him?

Problem with justice? lol You seem to live on planet fantasy land where everything is fair and sugarcoated with little heart shaped cupcake sprinkles. Get real, that is precisely why they arrested him.

 

[DiscostewSM]

If people say the source article is incorrect, then where is the proof that confirms that notion, or at least opposes the original? This is why news submissions here on GBATemp require a source for validity.

 

[KamiKazeKenji]

GBAtemp, this news are incorrect, and it's just Nintendo's poisonous PR shit.
I'm amazed they are being such bastards with this.
This is what happened:
Nintendo opened a site www.pruebayveras.com to manage appointments for the 3DS events in Spain.
You go there and sign up for going to one of the events.
The poor guy found a security hole that the company that made the site had left that allowed any potential attacker that did the unbelievably complex procedure Django0 described to access all the users' data.
His first action was contacting Nintendo to tell them to fix it, telling them that if they didn't he'd file a claim to the official body of personal data protection of Spain, the Agencia Española de Proteccion de Datos https://www.agpd.es/portalwebAGPD/index-ides-idphp.php to take care of the issue.

Instead of thanking him, they decided that the best defense is a good attack, so they took the lead and (dis)informed police and media about an attack on their servers and the attacker blackmailing them which is complete bullshit.

Now the guy is arrested and Nintendo is playing victim.

I play nintendo's crap, but they are a bunch of bastards when it comes to legal crap and PR.

Wow, if all that's true, then Nintendo's seriously ****'d up. The guy tries to helps Nintendo and he ends up getting kicked in the face by them. Truly sad.

-2 respect for Nintendo.

 

[radorn]

big companies have more resources than particulars.
money buys you an army of 24/7 lawyers to help them decide what to do at any moment to get their cause through. That happens everywhere, not just spain.

nintendo went to police and media saying "the attacker" got in thanks to "hacking techniques" and stole data in order to blackmail them... while the guy was waiting for nintendo to close their gigantic security hole (change "www" to "admin" in the URL and get all the users data without even entering a single password) and/or reply to his emails.
the guy was just naive thinking that his help would be appreciated

for those asking for proof and shit. I can't be arsed. no proof has been provided to sustain the news article's (nintendo's) version of the events either.
if you are so interested, learn spanish and start here http://www.elotrolado.net/noticia_la-verda...tualizado_18733

 

[GH0ST]

"The best defense is a good offense"... even white hat hackers were under agressive attack sometimes for accessing weak Databases and reporting them ( Kitetoa vs Tati ...) not to mention reversing poor antivirus code ( guillermito )