Nintendo hack update: 140,000 additional accounts accessed

10 Jun 2020227 Views

Share on FacebookTweet about this on TwitterShare on LinkedInPin on PinterestShare on RedditEmail this to someone

Image: © skvalval/Stock.adobe.com

Share on FacebookTweet about this on TwitterShare on LinkedInPin on PinterestShare on RedditEmail this to someone

Nintendo said a total of 300,000 accounts have been hacked, which is almost twice the number that was originally reported.

In April, Nintendo reported that around 160,000 users with Nintendo Network IDs (NNID) had been affected by a data breach.

Now, the company has updated that figure, confirming that an additional 140,000 user accounts were “accessed maliciously”, bringing the total number of affected accounts to 300,000.

The hack was discovered after some Nintendo users reported that their accounts had been accessed from remote locations around the world without their permission. Users reported losing money from the credit cards or PayPal accounts associated with their NNID accounts.

Nintendo’s investigation

The company launched an investigation and yesterday (9 June) said that it discovered an additional 140,000 accounts impacted by hacking. On its Japanese website, Nintendo said that it is taking additional security measures as a result of the breach.

“As a further precaution,” Nintendo commented, “we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo accounts that we have reason to believe were accessed without authorisation.”

Support Silicon Republic

The company said that only a small fraction of the breached accounts were used to make fraudulent purchases and the company has been refunding affecting customers.

When ZDNet covered the news on 21 April, it was not known if the hacking was the result of leaked passwords, brute-force attacks or password spraying. However, some users said that their passwords were complex and unique to their Nintendo accounts, which raised concerns of a potential breach.

At the time, Nintendo said that user logins had been “obtained illegally by some means other than our service”. The Japanese company then disabled the ability to log into a Nintendo account through a NNID login – the old login IDs used for the 3DS and Wii U devices.

Some users affected by the breach reported that their accounts were used to purchase Fortnite’s in-game currency, which hackers can use or sell on for profit.

The company has now encouraged all Switch owners to enable two-step verification to secure their Nintendo accounts.

Kelly Earley is a journalist with Siliconrepublic.com

editorial@siliconrepublic.com