Industry News

Man admits hacking Nintendo, leaking details of Switch games console

Man admits hacking Nintendo, leaking details of Switch games console

A 21-year-old Californiana man has pleaded guilty to hacking into into the servers of Nintendo and stealing confidential information about the (then upcoming) Nintendo Switch video game console.

The case dates back to 2016 when Ryan S Hernandez, who was a minor at the time, and an associate successfully phished the login credentials of a Nintendo employee and were able to gain access and download confidential product information.

The stolen files, including pre-release information related to the hotly-anticipated Nintendo Switch console, were then leaked to the public.

In October 2017, an FBI investigation into the hack brought the authorities to the home of Hernandez and his parents. Teenage Hernandez promised officers that he would not engage in any further malicious activity and said that he understood the consequences if he were to hack in future.

However, as a Department of Justice press release spells out, Hernandez (who also went by the name Ryan West, and the online handle “RyanRocks”) continued to hack into Nintendo’s servers from at least June 2018 to June 2019, stealing confidential information about various popular video games, gaming consoles, and developer tools.

Apparently not having learnt his lesson from his previous brush with the law, Hernandez bragged about his exploits on social media, and shared the stolen information with others.

Audaciously, Hernandez operated an online Discord chat forum – which he called “Ryan’s Underground Hangout” – where he and others discussed not only Nintendo’s products, but also shared information about possible vulnerabilities on the gaming giant’s network.

Inevitably, the FBI paid Hernandez another visit and searched his home. Electronic devices were seized, and thousands of confidential Nintendo files were uncovered.

In addition, the authorities discovered a folder on one of his drives called “Bad stuff” which contained more than one thousand videos and images of child sexual abuse.

Hernandez faces up to five years in prison for computer fraud and abuse, and 20 years in prison for possession of child sexual abuse material.

He has agreed to pay $259,323 in restitution to Nintendo for costs associated with the hack, and will also be required to register as a sex offender.

Hernandez is due to be sentenced on 21 April 2020.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.