Kyle Milliken identified as hacker behind Imgur, Disqus, Kickstarter data breaches: Report

Data breaches affecting 163 million users of popular websites including Imgur, Disqus and Kickstarter have been traced back to an Arkansas man quietly sentenced last month after agreeing to cooperate with federal authorities, The Daily Beast reported Thursday.

Kyle Milliken, 28, was recently sentenced to 17 months at a federal work camp in connection with the data breaches, the website reported, citing interviews with Milliken and secret case documents.

Milliken was arrested in July 2014, but details about his case remain under seal in light of his decision to cooperate with the FBI — a maneuver that likely earned Milliken a significantly lighter sentence than had he refused to help, The Daily Beast reported.

From 2010 to 2014, Milliken and his colleagues operated a criminal operation that made a small fortune through compromising internet accounts and using them to send spam, according to the report.

“Milliken used automated tools to rapidly take over the email and social media accounts of real people, then blast out messages to all their friends, primarily pushing work-at-home-opportunities and miracle diet products,” the report said.

The hacker’s exploits culminated in data breaches that affected 1.7 million users of Imgur, an image sharing website; 5.2 million users of Kickstarter, a crowdfunding site; and 17.5 million users on Disqus, a commenting platform, among other victims, according to the report.

Milliken was busted after the Disqus breach and “gave up a friend he’d been working with,” the report said. Federal prosecutors subsequently brought sealed charges against both in hopes of keeping their arrests under wraps to avoid alerting other possible suspects, but news nonetheless leaked about Milliken’s cooperation and he was “basically shunned by everybody,” he told the website.

Milliken was sentenced in San Jose federal court last month and will start serving time May 24, The Daily Beast reported.

Altogether his cybercrimes netted Milliken about $1.4 million, he told the website.

The Department of Justice declined to comment when reached by The Washington Times, and no court records documenting the charges were publicly available Thursday.

Criminal suspects are regularly offered comparatively lenient sentences in exchange for their cooperation, and high-profile hacking cases are no exception.

Security researcher and former “Anonymous” hacktivist Hector Monsegur spent seven months behind bars instead of potentially decades after he quietly agreed to help the FBI’s investigation into the group in 2011. More recently, convicted “Lizard Squad” member Zachary Buchta was handed a three-month sentence by a Maryland judge last month — substantially less than the 10-year maximum he faced — after prosecutors cited his cooperation with authorities.