Cyber Incident Victim: Nintendo Co., Ltd.
Date:
Jan 2016
Location:
United States of America
Summary
A California man hacked into Nintendo's systems using stolen employee credentials obtained via phishing, leaking confidential data including pre-release details about the Switch console. Despite FBI warnings, he continued breaching servers, stealing proprietary game and console information, and openly shared stolen data through social platforms and a dedicated forum while discussing network vulnerabilities. Law enforcement later seized devices containing thousands of the company's files, pirated software tools, and illicit child exploitation material. The perpetrator pleaded guilty to computer fraud and child pornography possession, receiving a prison sentence, supervised release, sex offender registration, and restitution payments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In 2016, Ryan S. Hernandez, then a minor residing in Palmdale, California, and an associate executed a phishing attack to compromise a Nintendo employee’s credentials. These credentials provided unauthorized access to Nintendo’s internal systems, enabling Hernandez to download confidential files related to unreleased games and consoles, including details about the then-upcoming Nintendo Switch. The stolen proprietary data was subsequently leaked to the public. The Federal Bureau of Investigation (FBI) identified Hernandez’s involvement and contacted him and his parents in 2017. During this interaction, Hernandez assured agents he would cease all cybercriminal activities. However, between June 2018 and June 2019, he resumed hacking Nintendo’s servers, exfiltrating additional confidential information about gaming consoles, developer tools, and unreleased titles. Hernandez openly discussed his intrusions on social media platforms, including Twitter and Discord, and operated a dedicated forum titled "Ryan’s Underground Hangout" to share stolen Nintendo data and network vulnerabilities. His online activities drew renewed attention from law enforcement due to their public nature and continued breaches of Nintendo’s systems.
The FBI executed a search warrant at Hernandez’s residence in June 2019, seizing computers, hard drives, and circumvention devices used for pirating games. Forensic analysis confirmed the presence of thousands of Nintendo’s confidential files on his devices. Additionally, investigators discovered over 1,000 files of child sexual abuse material stored in folders labeled "Bad Stuff," revealing Hernandez’s involvement in unrelated criminal conduct. In January 2020, Hernandez pleaded guilty to federal charges of computer fraud and abuse and possession of child pornography. He agreed to pay $259,323 in restitution to Nintendo for damages incurred through his intrusions. On December 1, 2020, the U.S. District Court sentenced Hernandez to three years in prison, followed by seven years of supervised release, and mandated his registration as a sex offender. The prosecution highlighted the deliberate nature of his actions, emphasizing his disregard for prior FBI warnings and the dual criminal conduct involving corporate espionage and exploitation of minors.