Tracking & Law Enforcement

Fourth Suspect Admits Hacking Microsoft, Video Game Firms

Austin Alcala, a 19-year-old of McCordsville, Indiana, has admitted being part of a cybercriminal group that targeted Microsoft and several video game companies, the U.S.

By
Eduard Kovacs
| April 2, 2015 (5:02 PM ET)

Flipboard

Reddit

Whatsapp

Whatsapp

Email

Austin Alcala, a 19-year-old of McCordsville, Indiana, has admitted being part of a cybercriminal group that targeted Microsoft and several video game companies, the U.S. Department of Justice announced on Wednesday.
The teen has pleaded guilty to conspiracy to commit computer intrusions and criminal copyright infringement. Alcala and his co-conspirators broke into the systems of major tech companies and stole source code, unreleased software, financial data, and proprietary information.
The suspects targeted companies such as Microsoft, Zombie Studios, Valve Corporation, and Epic Games. From Zombie Studios members of the conspiracy stole an Apache helicopter simulator developed by the company for the U.S. Army. From Microsoft they took source code and technical details on the then-unreleased Xbox One console, proprietary data related to Xbox Live, and games developed for the platform.
Members of the hacking ring used the stolen information to build their own version of the Xbox One console before its release. They even attempted to sell one of the counterfeit devices, but the package was intercepted by the FBI.
Alcala has admitted personally taking part in some of the attacks, including the ones targeted at Microsoft and Zombie Studios. He also confessed to transmitting a database containing more than 11,000 login credentials obtained from one of the targeted companies to his co-conspirators.
According to authorities, the damage caused by the hackers, including the value of the stolen information and the amounts paid by victims as a result of the attacks, is estimated to be between $100 million and $200 million. The government has seized more than $620,000 in cash and other proceeds.
Advertisement. Scroll to continue reading.

Alcala, who is the fourth suspect to plead guilty in this case, will be sentenced on July 29. Sanadodeh Nesheiwat, 28, of Washington, New Jersey, Nathan Leroux, 20, of Bowie, Maryland, and David Pokora, 22, of Mississauga, Ontario, Canada previously pleaded guilty to the same conspiracy charge. They remain in custody until their sentencing.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from Eduard Kovacs

Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push
Rokarolla Banking Trojan Targets 200 Applications
SailPoint to Acquire Entro in Reported $200 Million Deal
Kodak Admits Data Breach After ShinyHunters Hack Claims
1Password Acquires Apono in Reported $250M-$300M Deal

Latest News

Xsolis Data Breach Affects 1.4 Million Individuals
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
Fortinet Responds to FortiBleed Campaign
More Cybersecurity Firms Disclose Impact From Klue Hack

Click to comment

Trending

Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection

June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
Register

Webinar: Modern Exposure Validation in the AI Era

June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register

People on the Move
SolarWinds has appointed Justin Henkel as Chief Information Security Officer.
J. Paul Haynes has joined Cinchy as Chief Executive Officer.
Hatem Naguib has become Chief Executive Officer at Sysdig.
More People On The Move
Expert Insights

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George)

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley)

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb)

Everybody Is Vibe Coding But Nobody Told the Security Team

AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)

Flipboard

Reddit

Whatsapp

Whatsapp

Email

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Tracking & Law Enforcement

Fourth Suspect Admits Hacking Microsoft, Video Game Firms

More from Eduard Kovacs

Latest News

Trending

Webinar: How Modern Breaches Bypass MFA and Evade Detection

Webinar: Modern Exposure Validation in the AI Era

People on the Move

Expert Insights

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

No Exploits Required

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Everybody Is Vibe Coding But Nobody Told the Security Team

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure