Nintendo Breach: Now 300,000 Accounts Affected
Leo Daniels • June 12, 2020
This is a subtitle for your new post
Nintendo has added another 140,000 accounts to those it claimed were compromised by hackers from April this year, bringing the total to 300,000.
The updated figure was given as a result of its ongoing investigation into the incident. The additional Nintendo Network ID (NNID) accounts that have been “accessed maliciously” have had their passwords reset and the relevant customers were contacted directly.
The gaming giant said back in April
that 160,000 legacy NNIDs, which are associated with its now-defunct Nintendo 3DS handsets and Wii U consoles, were accessed by unauthorized third parties.
The Japanese firm said they were “obtained illegally by some means other than our service” to buy digital items from the My Nintendo Store or Nintendo eShop, using stored cards or PayPal log-ins.
This would seem to indicate that hackers potentially used credential stuffing techniques, were able to crack weak passwords or obtained them via phishing.
Experts from SpyCloud
claimed at the time that they believed credential stuffing was the most likely option, after finding the source code for a bespoke account checker tool designed specifically to compromise Nintendo users.
“For enterprises like Nintendo, protecting users from account takeover poses a unique challenge. Inevitably, some portion of users will reuse passwords, putting their accounts at risk,” it said.
“To protect users from account takeover, enterprises need to secure their human attack surface by proactively monitoring user logins for credential reuse and resetting compromised passwords — before criminals have the chance to use them.”
Nintendo reiterated in its updated statement yesterday
that fewer than 1% of global NNIDs were affected.
With access to users’ NNID accounts, hackers may have also been able to view their nickname, date of birth, country/region and email address.
If the NNID shared the same password as their Nintendo account, they would also have been able to view the user’s full name and gender.
Users are urged to set different passwords for NNID and Nintendo accounts and switch on two-factor authentication for the latter.
We’re 1-fix, we can help you secure your business
At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
Join our free 30-min webinar on 3 Sept to learn what Windows 10 end-of-life means and how to upgrade for free—plus win a Hotel Chocolat bundle!
Planning to move to the cloud? Discover what to expect, key benefits, and how 1-Fix IT support ensures a smooth, secure migration for your business.
Cut costs and reduce your carbon footprint with cloud migration. Discover how 1-Fix IT support helps businesses save and go green with managed IT services.
Discover why summer is the perfect time to move to the cloud. Learn how cloud migration boosts flexibility, security & cost-efficiency with 1-Fix IT support.
Protect your business with expert IT support. Learn why cybersecurity is vital for reputation, compliance, and long-term success.
Avoid the risks of using Office 365 Home at work. Learn why Office 365 for business is the right choice for security, scalability, and compliance.
