Zammis Clark, known online as Slipstream or Raylee, "was charged on multiple counts of computer misuse offences in a London Crown Court and pleaded guilty to hacking into Microsoft and Nintendo networks.
Prosecutors revealed that Clark had gained access to a Microsoft server on 24 January 2017 and used an internal username and password. Then he uploaded a web shell to remotely access Microsoft's network freely for at least three weeks.
According to the VergeVerge Clark uploaded multiple shells which allowed him to search through Microsoft's network, upload files, and download data.
More than 43,000 files were nicked after Clark targeted Microsoft's internal Windows flighting servers. These servers contain confidential copies of pre-release versions of Windows and are used to distribute early beta code to developers working on Windows.
Clark targeted unique build numbers to gain information on pre-release versions of Windows in around 7,500 searches for unreleased products, codenames, and build numbers.
Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information.
Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers.
Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, Europol, and the NCA's National Cyber Crime Unit (NCCU).
The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June 2017.
Clark was bailed without any restrictions on his computer use and went on to hack into Nintendo's internal network in March last year. Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers.
These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages.
Thomas Hounsell, 26, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period.