Nintendo Confirms Hack Attack Has Exposed 160,000 User Accounts
Gaming giants Nintendo says at least 160,000 user accounts have been exposed to hackers, with login details now being forcefully reset for all affected customers.
The firm said login IDs and passwords "obtained illegally by some means other than our service" were used to sneak into accounts since the start of this month. It has now disabled the ability to log into accounts using a Nintendo Network ID (NNID), the apparent cause of the breach.
Nicknames, dates of birth and email addresses were left exposed as a result of the hack. Nintendo says affected users will be notified about password resets by email. It has urged all users to avoid having the same passwords on multiple accounts and turn on two-factor authentication.
"If you use the same password for your NNID and Nintendo account, your balance and registered credit card PayPal may be illegally used at My Nintendo Store or Nintendo eShop," it warned.
In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/GMrXr5OHW0
— Nintendo UK (@NintendoUK) April 24, 2020
Officials said credit card information is not believed to have been accessed or stolen, although the news comes after some users complained on social media about fraud attempts.
"Someone managed to hack my Nintendo Switch account and add vbucks to their Epic Account and it's been less than a week. Here's hoping Paypal refunds the $300 I'm now missing," one Twitter user claimed on April 16, one of several comments about suspicious activity in recent days.
"We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," Nintendo said in a statement published today.
"We will notify you by e-mail to the NNID and Nintendo account that the password was reset, so please reset your password the next time you use it. Please avoid reusing the password that you have already used for other services. If you have already logged into your Nintendo account via NNID, please log in with your Nintendo account email address/login ID after the next login," it added.
According to the Nintendo website, NNIDs were previously used to access its online network services, including the Miiverse and Nintendo eShop, on 3DS and Wii U. Its most recent console, the Switch, uses an updated account system. However, customers could use older NNID credentials to log in.
In a separate support statement posted online, the U.K division of the company said there was "currently no evidence pointing towards a breach of Nintendo's databases, servers or services."
"During the investigation, in order to deter further attempts of unauthorized sign-ins, we will not reveal more information about the methods employed to gain unauthorized access," it added.
