In an official statement, Nintendo has confirmed that “about 160,000” accounts have had their data breached by illegal logins through the impersonation of Nintendo Network IDs.
The Switch is incredibly popular right now - and not just with players collecting turnips, but also apparently with hackers intending on collecting user data.
In statements released today, Nintendo explained that one of the ways to sign into your account, the NNID, was illegally impersonated to log in and collect user data — and that this has been going on since early April. While payment information should be secure, the following details may have been compromised: nickname, date of birth, country/region and email address.
To deal with the situation, the Japanese company has entirely disabled logins through NNID and is encouraging all users to enable two-step verification as a precautionary measure. As for those whose accounts were impacted, or even possibly affected, Nintendo is reaching out via email to reset passwords.
Although rare, there have been some reports of payment methods being affected. Eurogamer’s Tom Phillips reports that “some people whose accounts had been accessed had seen charges on their account via linked payment methods for up to £100 worth of digital items — most commonly, Fortnite’s VBuck currency.”
In response, the company’s Japanese statement notes that users should investigate their purchasing history, cancel any suspicious purchases and wait for customer service to respond.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
While only confirmed today, the hacking has been going on since early April. This is not the first time Nintendo has been breached, but should hopefully be a wake-up call in privacy preparedness.
You have to wonder if thousands of accounts could have been kept secure had the company alerted users and recommended two-step verification earlier in the month.
For now, in an effort to limit future hackers, the company is not clarifying exactly how the unauthorized access was gained.
Until more information is released, owners of the popular consoles should take care of their passwords and be vigilant in disputing suspicious charges.