Nintendo hack update: 140,000 additional accounts accessed

10 Jun 2020

Image: © skvalval/Stock.adobe.com

Nintendo said a total of 300,000 accounts have been hacked, which is almost twice the number that was originally reported.

In April, Nintendo reported that around 160,000 users with Nintendo Network IDs (NNID) had been affected by a data breach.

Now, the company has updated that figure, confirming that an additional 140,000 user accounts were “accessed maliciously”, bringing the total number of affected accounts to 300,000.

The hack was discovered after some Nintendo users reported that their accounts had been accessed from remote locations around the world without their permission. Users reported losing money from the credit cards or PayPal accounts associated with their NNID accounts.

Nintendo’s investigation

The company launched an investigation and yesterday (9 June) said that it discovered an additional 140,000 accounts impacted by hacking. On its Japanese website, Nintendo said that it is taking additional security measures as a result of the breach.

“As a further precaution,” Nintendo commented, “we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo accounts that we have reason to believe were accessed without authorisation.”

The company said that only a small fraction of the breached accounts were used to make fraudulent purchases and the company has been refunding affecting customers.

When ZDNet covered the news on 21 April, it was not known if the hacking was the result of leaked passwords, brute-force attacks or password spraying. However, some users said that their passwords were complex and unique to their Nintendo accounts, which raised concerns of a potential breach.

At the time, Nintendo said that user logins had been “obtained illegally by some means other than our service”. The Japanese company then disabled the ability to log into a Nintendo account through a NNID login – the old login IDs used for the 3DS and Wii U devices.

Some users affected by the breach reported that their accounts were used to purchase Fortnite’s in-game currency, which hackers can use or sell on for profit.

The company has now encouraged all Switch owners to enable two-step verification to secure their Nintendo accounts.

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com