Nintendo Breach: Now 300,000 Accounts Affected

Blog Layout

Nintendo Breach: Now 300,000 Accounts Affected

Leo Daniels • Jun 12, 2020

This is a subtitle for your new post

Nintendo has added another 140,000 accounts to those it claimed were compromised by hackers from April this year, bringing the total to 300,000.

The updated figure was given as a result of its ongoing investigation into the incident. The additional Nintendo Network ID (NNID) accounts that have been “accessed maliciously” have had their passwords reset and the relevant customers were contacted directly.

The gaming giant said back in April that 160,000 legacy NNIDs, which are associated with its now-defunct Nintendo 3DS handsets and Wii U consoles, were accessed by unauthorized third parties.

The Japanese firm said they were “obtained illegally by some means other than our service” to buy digital items from the My Nintendo Store or Nintendo eShop, using stored cards or PayPal log-ins.

This would seem to indicate that hackers potentially used credential stuffing techniques, were able to crack weak passwords or obtained them via phishing.

Experts from SpyCloud claimed at the time that they believed credential stuffing was the most likely option, after finding the source code for a bespoke account checker tool designed specifically to compromise Nintendo users.

“For enterprises like Nintendo, protecting users from account takeover poses a unique challenge. Inevitably, some portion of users will reuse passwords, putting their accounts at risk,” it said.

“To protect users from account takeover, enterprises need to secure their human attack surface by proactively monitoring user logins for credential reuse and resetting compromised passwords — before criminals have the chance to use them.”

Nintendo reiterated in its updated statement yesterday that fewer than 1% of global NNIDs were affected.

With access to users’ NNID accounts, hackers may have also been able to view their nickname, date of birth, country/region and email address.

If the NNID shared the same password as their Nintendo account, they would also have been able to view the user’s full name and gender.

Users are urged to set different passwords for NNID and Nintendo accounts and switch on two-factor authentication for the latter.

We’re 1-fix, we can help you secure your business

At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

< Older Post

Newer Post >

Join Our Mailing List

All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.

Recent Blogs

Why is outsourcing your IT Support a good thing?

By Craig Atkins • 22 Apr, 2024

Are you tired of juggling IT issues while trying to focus on growing your business? It may be time to consider outsourcing your IT support. We've put together 5 reasons why outsourcing your IT can be beneficial for you...

What is Microsoft Copilot and how can it boost your productivity?

By Grant Davis • 03 Apr, 2024

In today’s fast-paced digital landscape, having an intelligent assistant by your side can make all the difference. Enter Microsoft Copilot, a powerful AI companion designed to boost productivity, spark creativity, and simplify complex tasks. Let’s dive into what makes Copilot a game-changer for individuals and businesses alike.