A hacker who made a fortune by breaking into people's accounts and posting spam on their behalf is now warning users against password reuse.
Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases.
Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records.
For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services.
If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services.
From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life[1].
Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground.
A white-hat career
Now, Milliken is out and looking for a new life. But this time he's not interested in breaking the law. In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security.
"Right now I'm going back to the basics and studying for every possible security certification," Milliken said. "Being a 16 year old high school dropout without any formal education I had to reverse engineer and teach myself everything that I