A Minnesota man has been charged with hacking into computer systems used by Major League Baseball and trying to extort the league for $150,000, the US Attorney’s Office of the Southern District of New York said Thursday.
In emails with an MLB executive, Joshua Streit, 30, threatened to publicize the vulnerability that he used to access the league’s website for streaming live games before asking for $150,000 for finding the technology flaw, according to charging documents.
Streit allegedly renewed his extortion attempt in September, at a time of heightened scrutiny for the MLB as it was preparing for the playoffs. The news comes ahead of Game 3 of the World Series between the Houston Astros and Atlanta Braves.
A Twitter account listed in the criminal complaint as belonging to Streit did not respond to a request for comment on Friday. James Becker, an attorney listed for Streit in court records, did not respond to requests for comment.
The charges against Streit, who is also known as Josh Brody, include wire fraud, illegally hacking into a computer for the purposes of fraud and “sending interstate threats with the intent to extort.” The maximum sentence for each individual charge ranges from two to 20 years in prison.
Streit is accused of illegally streaming copyrighted live games from the MLB, National Basketball Association, National Football League and the National Hockey League. To do that, prosecutors allege, Streit used stolen login credentials to access the sports’ websites and stream live games to his own website for profit.
One of the sports leagues lost almost $3 million because of Streit’s actions, the US Attorney’s office said in a press release.
A LinkedIn profile listed in the complaint as belonging to Streit describes him as a software engineer living in the Minneapolis area.
During an initial court appearance Thursday in the US District Court for the District of Minnesota, a judge ordered “temporary detention” for Streit pending a November 1 hearing, according to court documents.
A spokesperson for the MLB declined to comment. Neil Boland, the league’s chief information security officer, did not respond to requests for comment.
The MLB is no stranger to cybersecurity-related scandals.
Christopher Correa, the former director of scouting for the St. Louis Cardinals, was sentenced to nearly four years in prison in 2016 for hacking into the Houston Astros’ scouting records.
Major sports franchises had to invest in greater cybersecurity protections in recent years as cybercriminals have looked to extort sports teams as they do other big corporations.
Manchester United, one of the wealthiest soccer clubs in the world, blamed “organized cybercriminals” last year for a breach that hampered the club’s computer systems for days.