Nintendo Switch account is Broken: What to Do now

Nintendo Switch account is Broken: What to Do now

Cybercriminals are targeting Nintendo accounts.

When I received the first email message that there was a new login to my Nintendo account in the U.S., I assumed that my partner had activated the Switch and was attempting to browse the eShop. When I received the second email message that there was a new login from China on my Nintendo account, I knew something was up.

For those who haven't had a Nintendo system online for a while, the Nintendo Account is what allows you to access the eShop, play Switch games online, and log into one of Nintendo's few mobile games.

Like most other online gaming accounts, it can store payment information such as credit card and PayPal accounts, making it an attractive target for malicious individuals.

Eurogamer reports that I am not alone in Nintendo's predicament; Eurogamer staffers are facing the same problem, and Twitter users have even more horror stories to share.

If you're lucky, like me, cybercriminals gain access to your account, see nothing of interest there, and log you out again. However, if your payment details are saved, you may face a string of fraudulent purchases, especially currency for cross-platform games like Fortnite.

Nintendo has not commented directly on the issue, but the company has tweeted a timely PSA about enabling two-factor authentication (2FA), suggesting that the company is aware of the situation in some way.

Let's be frank: If you have a Nintendo account, you need to enable 2FA. Simply changing your password is not a sufficient defense.

In any case, it is not difficult to enable 2FA. Simply login to your Nintendo Account in your web browser and click on "Sign In and Security Settings" from the menu on the left side. At the bottom of the page you will find an option called "Set up 2-step verification." Click on "Send Email," and the Nintendo website will guide you through the rest of the process.

Basically, you'll use a phone app called Google Authenticator to enter a six-digit code every time you log into your Nintendo account from now on. (The Authenticator is tied only to your phone, so even if a third party guessed your password, they would not be able to log in.

There are several other ways to keep your Nintendo account secure, though not as effective as 2FA.

The first is to change your sign-in method, forcing you to sign into your Nintendo account using only your username. (This is harder to guess than an email address, especially if cybercriminals have picked up the login information from an old data breach.)

In addition, it can also remove any payment options stored in the Nintendo account. This means that you will have to manually enter your credit card information every time you purchase a new game, but trust me, it is better than having an intruder grab your credit card information.

It is not clear how the cybercriminals obtained Nintendo's login data. My guess is that they "comb through old data leaks and hope that the usernames and passwords are still available," otherwise known as "credential stuffing." However, there is always the possibility that a clever hacker has figured out a way to gain direct access to Nintendo's data banks.

Until then, 2FA will keep you safe. Remember, if you don't have 2FA enabled, you could be subject to identity theft. And getting it overturned is a real problem.

Categories