Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

DOJ: Pirated Sports Streamer Hacked Accounts, Extorted MLB

DOJ: Pirated Sports Streamer Hacked Accounts, Extorted MLB

The U.S. Attorney’s Office for the Southern District of New York has charged a man for illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues’ customer accounts.

Also Read: New Licensing Requirements For Cyber-Security Service Providers in 2022

The charged individual is Joshua Streit, 30, of Minnesota, who allegedly streamed illegal re-broadcasts of major American sports leagues, including the Major League Baseball (MLB), National Basketball Association (NBA), National Football League (NFL), and the National Hockey League (NHL).

The Department of Justice says that Streit operated a “live streaming” website for profit, offering access to the illegal sports content in exchange for subscription fees of $129.99 per season.

The website is ‘,’ which is now under the control of ACE (Alliance for Creativity) and redirects visitors to legal channels of content distribution.

the Hehestreams website
The website
Source: US DoJ

Prosecutors say that Streit gained access to the sports league’s content by hacking into the accounts of the league’s subscribers.

Also Read: A Closer Look: The Personal Information Protection Law in China

The site operated from 2017 to August 2021, during which Streit allegedly obtained at least $5,000 in subscription fees, but the actual amount may be higher.

Hehestreams offered multiple payment methods besides crypto, making it easier for law enforcement to trace payments and find out who was running the service.

The FBI states that at least one sports league suffered approximately $3,000,000 in damages, and they are still investigating the injuries to the other victims.

Extorting the MLB

In addition to streaming the MLB’s content illegally, Streit is also charged for attempting to extort the MLB for $150,000 by threatening to publish alleged platform access vulnerabilities that he abused to steal the streams.

“Furthermore, Streit allegedly hacked MLB’s computer systems and attempted to extort $150,000 from the league,” U.S. Attorney Damian Williams said in a press release.

Streit is alleged to have exploited a flaw in a third-party service’s access token system, allowing “hehestreams” users to access live sports streams by authenticating as legit users of the actual platforms.

MLB’s complaint to the law enforcement authorities presents Streit as frustrated for not finding a bug bounty program to report the network vulnerabilities, accusing MLB of “shocking lack of gratitude.”

You’d think that, upon disclosure of a vulnerability that directly impacts a multi-billion-dollar revenue stream, you’d at least receive a reply.— joshmn (@joshmn) March 18, 2021

Streit is now facing five counts, for computer intrusion, illicit digital transmission, wire fraud, and transmission of interstate communications with intent to extort, with the maximum penalty of 25 years in prison.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us