Nintendo Breach: Now 300,000 Accounts Affected
Leo Daniels • June 12, 2020
This is a subtitle for your new post
Nintendo has added another 140,000 accounts to those it claimed were compromised by hackers from April this year, bringing the total to 300,000.
The updated figure was given as a result of its ongoing investigation into the incident. The additional Nintendo Network ID (NNID) accounts that have been “accessed maliciously” have had their passwords reset and the relevant customers were contacted directly.
The gaming giant said back in April
that 160,000 legacy NNIDs, which are associated with its now-defunct Nintendo 3DS handsets and Wii U consoles, were accessed by unauthorized third parties.
The Japanese firm said they were “obtained illegally by some means other than our service” to buy digital items from the My Nintendo Store or Nintendo eShop, using stored cards or PayPal log-ins.
This would seem to indicate that hackers potentially used credential stuffing techniques, were able to crack weak passwords or obtained them via phishing.
Experts from SpyCloud
claimed at the time that they believed credential stuffing was the most likely option, after finding the source code for a bespoke account checker tool designed specifically to compromise Nintendo users.
“For enterprises like Nintendo, protecting users from account takeover poses a unique challenge. Inevitably, some portion of users will reuse passwords, putting their accounts at risk,” it said.
“To protect users from account takeover, enterprises need to secure their human attack surface by proactively monitoring user logins for credential reuse and resetting compromised passwords — before criminals have the chance to use them.”
Nintendo reiterated in its updated statement yesterday
that fewer than 1% of global NNIDs were affected.
With access to users’ NNID accounts, hackers may have also been able to view their nickname, date of birth, country/region and email address.
If the NNID shared the same password as their Nintendo account, they would also have been able to view the user’s full name and gender.
Users are urged to set different passwords for NNID and Nintendo accounts and switch on two-factor authentication for the latter.
We’re 1-fix, we can help you secure your business
At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
Avoid the risks of using Office 365 Home at work. Learn why Office 365 for business is the right choice for security, scalability, and compliance.
Discover the key benefits of outsourced IT support, from enhanced cybersecurity and 24/7 monitoring to cost savings and regulatory compliance.
Stay cyber secure while travelling with 10 expert tips. Use VPNs, avoid public Wi-Fi, and protect your data on the go.
In a world where AI is changing how we work and compete, security is more important than ever. We are gathering industry leaders and AI experts for a special roundtable event. This event will focus on a key topic: AI security.
Microsoft 365 Business Basic offers a range of cloud-based services designed to empower businesses to work smarter and more efficiently. Let's delve into what this package includes and how it can benefit your organisation.
We’re excited to announce an informative webinar featuring Elliot Wilkie from Brigantia and Craig Atkins from 1-Fix, diving deep into the world of DMARC on 8th July at 2 PM . This is an essential session for anyone looking to secure their email communications, understand DMARC compliance, and enhance their email deliverability.
