Spanish Man Jailed over Leaked Wii User Data

Spanish police have arrested a man for allegedly stealing thousands of Nintendo Wii users’ data, Spain’s Interior Ministry announced. The man, who for the time being has not been identified, contacted Nintendo and threatened to report the company "for negligence" to the country’s data protection agency over data on 4,000 gamers he was able to obtain access to. When Nintendo did not respond, the man leaked some of the user data online, according to police.

No doubt Nintendo contacted authorities first, which lead to the man’s apprehension in the southern province of Malaga. Police claim the man intended to release all the user data he had online.

Nintendo had no comment on the story because, according to the BBC "it was the subject of of an active investigation by the Spanish authorities."

Source: BBC by way of our very own beemoh. Thanks beemoh!

Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone


  1. 0
    Thad says:

    Wonder what it means by "some".

    Black hats often feel, rightly or wrongly, that if the owner of an unsecured site does not respond to their warnings, the best way to put pressure on them is to go public.

    The claim that the man only revealed some of the info he had, instead of all of it, could mean that he was trying to show the seriousness of the vuln without hurting anybody — or it could mean he was attempting to extort hush money from Nintendo and was showing what he had to prove he was serious.  The story doesn’t have a lot of details, though the claim that he was planning on contacting the authorities with the information suggests he had good intentions.

    What data he leaked is unclear.  I suppose there are ways to leak confidential data that prove you have it but don’t reveal what it is — you could post a one-way hash, or post, say, a customer’s initials and a few digits of his credit card or SSN, something along those lines.  The article says he was planning on releasing the full contents of the DB, though, which if true is obviously a very bad thing and, as you say, not a very effective way to protect people’s privacy.

    Bottom line, I hope Nintendo (or whoever was housing the info) gets their security fixed so nobody else gets ahold of customer data.  And I hope the guy in question gets whatever’s coming to him — if he was trying to extort money, he deserves prison; if he really intended to leak the entire database, he deserves a stiff fine.  But if he really only leaked harmless bits and pieces to try and get Nintendo to take the threat seriously, then I think he should only get a slap on the wrist.

  2. 0
    Alex says:

    "When Nintendo did not respond, the man leaked some of the user data online, according to police."

    …And this seemed like a smart thing to do? Not in the least bit counterproductive to your goals? Hypocitical even, maybe? What’s that saying about "he who fights monsters?"

    I’m not under the affluence of incohol as some thinkle peep I am. I’m not half as thunk as you might drink. I fool so feelish I don’t know who is me, and the drunker I stand here, the longer I get.

Leave a Reply