Nintendo has confirmed 160,000 user accounts have been accessed exposing a limited amount of PII and possibly access to Nintendo store accounts.
The gaming company reported that starting in early April accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming, Nintendo online store accounts and grants access to various Nintendo Network services. The company is unaware exactly how the intrusion was conducted, but believes “seems to have been made by impersonating login to "Nintendo Network ID”.
Name, nickname, date of birth, gender, country / region and email address were exposed, although those who use multi-factor authentication to access their account are safe. There is a scenario where the exposed credentials could be used by the attacker to gain access to the Nintendo store.
“If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said.
If an account’s purchase history indicates illegal activity has taken place the company said these should be cancelled and Nintendo will then respond to each incident appropriately.
In response to these issues the company has abolished user’s ability to log into their Nintendo account via NNID and passwords for both NNID and Nintendo accounts are being reset and the company is recommending multi-factor authentication be set up for each account.
“Nintendo, like Zoom, is under something of a microscope right now. Nintendo's recently released Animal Crossing: New Horizons game for the Nintendo Switch came out in March, just when people were required to stay home, and so has done very, very well. This means that any attention on Nintendo is magnified — both because the company is in the media much more, and also because it has a glut of new users right now. It’s always important to react carefully to a security breach, but even more so in a case like this, with both users and publicity at highs," said from Tyler Carbone, chief strategy officer at Terbium Labs.
This is the second issue affecting Nintendo this week. It was reported that bots are being used by a reseller to buy up Nintendo switches before humans can make a purchase.
Dubbed Bird Bot, the open-source tool has been used by buyers looking for an edge over other consumers, as well as resellers who want to stock up on Switches in bulk and then sell them at sky-high prices.