It’s been long suspected, but Nintendo has now confirmed that 160,000 Nintendo accounts were hacked throughout April.
In a post on its Japanese website, Nintendo said that hackers were able to access information for 160,000 users who had used their Nintendo Network ID in order to login to their Nintendo accounts.
Nintendo says that credit card data was not accessed, but the hackers would have had access to nicknames, date of birth, names, birthdays and location data. It’s also possible that hackers could have made purchases on these accounts using the credit card data attached to these accounts, but Nintendo will refund (and have been refunding) this money.
Nintendo has turned off logging in via Nintendo Network ID and they will require users who used to a NNID to login to the Nintendo Switch account to reset both their NNID and Nintendo account password.
We’d highly recommend that you change any passwords and also turn on two-factor authentication on any accounts used with your Nintendo Switch. You can find out more about two-factor authentication here.
We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.
While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.
As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.
In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.
If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.
During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.
We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.
In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/NWyXLiS1wR
— Nintendo of Europe (@NintendoEurope) April 24, 2020