Japanese gaming company Nintendo announced today that more than 160,000 of its user accounts were being unauthorizedly accessed by an unknown third-party since the beginning of April.
According to a press release by Nintendo, the illegal login attempts were observed on their legacy login system NNID (Nintendo Network ID).
NNID is an alternate login method provided by Nintendo for accessing Nintendo accounts.
After receiving complaints from the users and self-analyzing the issue, Nintendo has now permanently shut down it’s ‘logging in via NNID’ function.
My nintendo acc got hacked a few weeks ago but I caught it fast enough, and my bf's account just got hacked yesterday. This has been happening to a ton of people and most cases result in $100+ charges for fortnite currency.. Would highly suggest setting up 2factor ASAP— シリア☆ (@cillia) April 19, 2020
Someone hacked my PayPal and spent $200 on Nintendo games?! pic.twitter.com/pc5eRvHXSY— Vexonym (@Vexonym) April 19, 2020
Even my Paypal support guy got hit with a hacked Nintendo account, I can't make this shit up pic.twitter.com/Ounarwy2aC— DakiniBrave (@DakiniLuna) April 15, 2020
The following information registered in Nintendo accounts linked with NNID is stolen: Name, DOB, Gender, Country/ region, and Email address. Whereas, No credit card info is compromised.
The company says they’re resetting the passwords of all NNID and Nintendo accounts.
“If you have already logged into your Nintendo account via NNID, please log in with your Nintendo account email address / login ID after the next login,” says Nintendo.
“If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account. In addition, if damage such as purchase
history that you do not know is found in your Nintendo account related to this unauthorized login, conduct an individual investigation and then
cancel the purchase.”
Nintendo further suggests its users to set up two-step verification for their accounts, as none of the two-step verification-enabled accounts were found compromised in this hack.
“We sincerely apologize for any inconvenience caused and concern to our customers and related parties,” the company concluded in the statement. “In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.”