Nintendo has confirmed that up to 160,000 Nintendo accounts were accessed in a massive data breach that exploited accounts without two-factor authentication enabled. (To be clear, no data breach occurred at Nintendo. These accounts were most likely compromised because the owners reused passwords from other accounts.)
We previously reported that cybercriminals are targeting Nintendo accounts and users are receiving emails alerting them to new logins. Because such accounts may contain personal and payment information, the cyberattacks are also a potential privacy breach.
Nintendo issued a statement in Japanese, noting that hackers had been spoofing the Nintendo Network ID process since early April. As a result, "unauthorized" logins were made to many Nintendo accounts.
According to the company, the data that may have been accessed include the user's nickname, date of birth, gender, country/region, and email address. So far, no payment details appear to have been accessed.
In some cases, however, cybercriminals were able to make purchases through linked payment methods. This has allowed some people to have up to £100 (approximately $123) worth of digital items charged to their accounts.
It is important to note that the cybercriminals could not actually see the full payment details of the users. However, Nintendo warns that users' financial information could be compromised if they use the same username and password for both their Nintendo and bank or PayPal accounts.
Nintendo now advises Nintendo account holders to reset their passwords upon receiving an email notification from the company. The company also recommends that users who have already logged in to their accounts re-login.
Users should also avoid sharing their Nintendo Account password with other services, especially payment services such as PayPal.
If your account has been compromised and someone has used your information to purchase a game, Nintendo encourages you to contact the company.
The Big N will then conduct an "individual investigation" and cancel the purchase. However, Nintendo states: "We will take action. Please wait as we will proceed in due course."
It stated.Nintendo also apologized for the data breach and said it would "make further efforts" to strengthen security and prevent similar incidents from occurring in the future.
One way to prevent further intrusions is to enable two-factor authentication (2FA) for your Nintendo account. This means that during login, your phone will prompt you for an additional code, making the process more secure. Click here to learn how to set up Nintendo 2FA.
Comments