Two men have been sentenced to between six and 15 months of jail time by a London court after one obtained confidential information from Microsoft and Nintendo's internal servers.
The Verge reports that 24-year-old security researcher Zammis Clark pleaded guilty to hacking into the internal networks of the two publishers, after using illicit access to steal thousands of files.
After gaining access to a Microsoft server using an internal username and password in January 2017, Clark used remote web shells to access and download over 43,000 files and shared them online via IRC channels.
Another man, Thomas Hounsell, faced lesser charges after using Clark’s breach to perform over 1,000 searches for products, codenames, and build numbers in a little over two weeks.
Clark was arrested for this breach in June 2017 but proceeded to breach Nintendo through VPNs while awaiting trial after being released on bail. By doing so, he was able to access and acquire numerous emails and passwords.
Nintendo believes it may have suffered damages from $900,000 to $2 million, while Microsoft is estimating it suffered $2 million. Clark has been sentenced to a total of 15 months imprisonment, suspended for 18 months, while Hounsell faces six months imprisonment, suspended for 18 months, with 100 hours of community service.
"Today's action by the Courts in the UK represents an important step," said CVP of customer security and trust at Microsoft Tom Burt regarding the trial.
"Stronger internet security not only requires strong technical capability but the willingness to acknowledge issues publicly and refer them to law enforcement.
“No company is immune from cybercrime. No customer data was accessed, and we're confident in the integrity of our software and systems. We have comprehensive measures in place to prevent, detect, and respond to attacks."
In its own statement, Nintendo added: “Nintendo is committed to protecting its intellectual property and consistently evaluates and updates its data protection and security protocols accordingly. However, despite our ongoing efforts, we discovered that our corporate servers were illegally accessed last year.
“Though no consumer data was accessed as part of this incident, we continue to hold the protection of both our consumers' data and our intellectual property as a top priority in our data management operations."