Man charged with hacking MLB, NBA, NFL, and NHL user accounts to stream games
The US Department of Justice has filed charges today against a Minnesota man who hacked MLB, NBA, NFL, and NHL user accounts in order to supply content to a pirate streaming website that he operated.
Charges were levied against Joshua Streit, 30, of St. Louis Park, Minnesota. The DOJ claims that Streit, who went online as "Josh Brody" or "inflx," operated the HeHeStreams website between 2017 and August 2021.
Officials said that Streit used stolen credentials to access other people's MLB, NBA, NFL, and NHL accounts in order to hijack game streams, which he later re-broadcast on the HeHeStreams website.
The pirated streams were offered part of a paid package that gave buyers access to the streams of all four US sports leagues at prices inferior to those practiced by the leagues' official websites.
In addition, officials said that Streit also attempted to extort the MLB, asking the company to pay $150,000 to disclose details about security flaws that he found on their servers.
US officials didn't say what started the investigation into Streit's operation, but court documents [PDF] detail how the FBI discovered the real-world identity of the HeHeStreams operator, suggesting the case might have started following a complaint against the site.
Per the same documents, the FBI said they were able to track down the HeHeStreams operator after the site's administrator used the same "inflx" username on both the streaming site's chat and on Reddit.
Through data obtained from Reddit, US investigators discovered that the Reddit account had been registered with an email address used by Streit for his personal blog, where he often posted cybersecurity research.
In addition, data provided by other companies and internet service providers firmly established a link between the HeHeStreams operator and Streit's home IP address.
Streit faces up to 60 years in prison if found guilty on all charges. The MLB claims that his hacking incurred losses of around $3 million, money that he might need to pay to the company.
An email seeking comment sent to Streit's publicly-listed email address was not returned.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.