No company these days is safe from cybercrime. That includes Japanese video game giant Nintendo. On Friday, it acknowledged that it has suffered a major privacy breach that exposed the personal information of more than 160,000 people.
The breach reportedly originated in early April and affects accounts that are linked to the company’s Nintendo Network ID (NNID) login system. Although it certainly isn’t the most devastating data breach to happen in recent months, Nintendo players won’t be happy that their information has fallen into the wrong hands.
A Flaw of the Past
It appears that the recent data breach is the result of a system used with older Nintendo devices like the Wii U and 3DS. Users who use an NNID to log in to their main Nintendo account may have been affected by the hack.
Fortunately, the Nintendo Switch uses the newer Nintendo Account system for logging in. At this point, it doesn’t appear that Switch users are affected unless they linked their account to an older NNID.
Nintendo said on its website that as many as 160,000 users may have been affected during the breach. With login IDs and passwords “obtained illegally by some means other than our [Nintendo’s] service” hackers were able to gain access to accounts since the start of April.
The company says that information including nicknames, date of birth, country, and email addresses may have been exposed.
In response to the breach, Nintendo is taking steps to decrease reliance on the outdated NNID login system. It is disabling the ability to log into a main Nintendo account with an NNID. This doesn’t mean that users won’t be able to access their accounts. Rather, it means that they’ll need to log in with another form of identification like a username or email address.
Moreover, Nintendo suggests that all users activate two-factor authentication. This is something that you should already be doing for all of your online accounts. So, if you aren’t, now is the perfect time to correct that.
The Truth Comes Out
Interestingly, Nintendo’s confirmation of the hacks comes just a few days after reports emerged of accounts being breached. Earlier this week, users reported strange account activity. Specifically, many noticed that their payment information was used to buy digital items like bundles of “Fortnite’s” in-game currency, VBucks.
Now, the pieces have come together.
Nintendo asks users who think that they’ve been affected by the incident to directly reach out to the company. It will investigate the purchase history and cancel illegitimate transactions.
Meanwhile, Nintendo issued a warning to players who use the same password for an NNID and Nintendo account. It says, “Your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”
As such, users who fall into that category should keep a close eye on their accounts for any suspicious activity. Meanwhile, passwords for those accounts should be changed immediately to something unique and complex.