According to Nintendo, 160,000 user accounts that use a Nintendo Network ID (NNID) to login to their Nintendo Account may have been affected by the breach. The attackers have been exploiting its NNID legacy login system to hack into user accounts since the start of April. Nintendo did not provide any more detail about how attackers had accessed NNID accounts, except that the account passwords were ‘obtained illegally by some means other than their service’. Additionally, hackers may have also been able to access personal details, such as a nickname, email address, gender, date of birth, and country/region, all of which were associated with the NNID. “This time, using a login ID and password information obtained illegally by some means other than our service, a phenomenon that seems to have been made by impersonating the ‘Nintendo Network ID’ from around the beginning of April. We have confirmed that it is occurring,” Nintendo explained. “We also confirmed that there was an illegal login to some ‘Nintendo accounts’ via NNID using this impersonation login.” Nintendo said it is resetting the passwords for affected accounts and is also disallowing users to log into their Nintendo account via NNID, which was primarily used for Switch gaming, Nintendo online store accounts and grants access to various Nintendo Network services such as 3DS and Wii U. It added: “We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.” The company also cautioned users using the same passwords for NNID logins to change their credentials and enable two-factor verification for added security. “If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account,” Nintendo said. Nintendo will notify the users of the affected accounts via email, which will prompt them to reset their password and recommend them to set up two-factor authentication. “Users will be notified by email to reset your Nintendo Network ID and Nintendo account,” according to the translated version of the statement. “If you have already logged into your Nintendo account via your Nintendo Network ID, please log in using your registered Nintendo account email address or login ID.” The company added: “If damage such as purchase history that you do not know is found in your Nintendo account related to this unauthorized login, conduct an individual investigation and then cancel the purchase, etc. “We will respond. Please wait as we will proceed with the procedure in sequence.” For now, it is advised to users to change their password and enable 2-FA for better security.
