From kotaku

[b][u]BBC version[/u][/b]

[quote] Data on thousands of gamers swiped. Nintendo threatened with blackmail. Rest easy, because the man accused of these crimes has been nabbed in southern Spain.

The BBC report that according to Spain's Interior Ministry, an unnamed individual was supposedly able to gain data on 4,000 individuals from online databases. He apparently threatened to contact Spain's data protection agency, blaming Nintendo for negligence.

However, the man then began leaking the data online when Nintendo did not respond. The BBC report that he planned to release the full user database online.

However, according to El Mundo, the man is a member of a forum dedicated to privacy and gained access to the data by simply adding "admin" at the front of the URL of a Spanish Nintendo 3DS site. Apparently, he did not even use a password. El Mundo reports that the man then contacted Nintendo of Spain twice about this security loophole. This apparently somehow morphed into the man threatening Nintendo of Spain — and ultimately, in his arrest. http://www.bbc.co.uk/news/technology-12456922
[/quote]

[u][b]The truth:[/b][/u]

[quote]Bash, that's not entirely how things went, no matter how BBC puts it…

Long story short: the guy, a user of one of Spain's most popular internet forums (mainly dedicated to piracy btw… yeah, Spain…) gained access to all the data just by using "admin" and no password (the guy is not a hacker in any way).

He contacted Nintendo twice to inform of the security flaw, stating that the security issue should be amended or it could be reported for a violation of data privacy. It was later reported to local newspapers by other forum members.

Nintendo, instead of accepting guilt, closed the website and reported a "hacker attack" and blackmail.

You can read the real piece of news here, with the links to the original forum posts and e-mails: http://www.elmundo.es/elmundo/2011/02/10/navegante/1297331224.html
[/quote]