A report from The Verge indicates that the former security researcher at Malwarebytes appeared in court in London this week, standing accused of causing an estimated $3 to $4 million in damages.
Clark hacked into various Microsoft servers that contained “confidential copies of pre-release versions of Windows” in 2017. During that time, he facilitated other hackers’ access to the servers via IRC chat, which allowed others to obtain potentially damaging confidential information. After being arrested for his crimes in June 2017, he was released on bail without any further restrictions on his internet or computer use.
He went on in 2018 to use a VPN to access Nintendo’s servers. Once in, he poked around in environments used for “highly confidential game development” that contained development code meant for then-unreleased games, though it isn’t clear at this point which games those were. He stole 2,365 usernames and passwords from Nintendo’s servers and continued to do so until Nintendo finally discovered the breach in May 2018.
After entering his guilty plea, a judge issued a suspended 15-month prison sentence, suspended for 18 months, due to his diagnosis of autism and face blindness, stating that a longer prison stay could put him at risk from violence or reoffending in the future.
“Everything I have heard and been told leads me to believe this is a young man who would suffer disproportionality if he went to prison,” said Judge Alexander Milne, QC.
“I am trusting this will be a lesson from which you will all learn.”