If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground….
In an interview with ZDNet last week, Milliken said he’s planning to go back to school and then start a career in cyber-security… [H]e publicly apologized to the Kickstarter CEO on Twitter. “I’ve had a lot of time to reflect and see things from a different perspective,” Milliken told ZDNet. “When you’re hacking or have an objective to dump a database, you don’t think about who’s on the other end. There’s a lot of talented people, a ton of work, and even more money that goes into creating a company… there’s a bit of remorse for putting these people through cyber hell.”
He also has a message for internet uesrs: stop reusing your passwords. And he also suggests enabling two-factor authentication.
“I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me.”