Nintendo has confirmed that they suffered a massive attack that has compromised the private data of around 160,000 user accounts.
Since the beginning of April, many users began to complain that something strange was happening with their Nintendo accounts. Specifically, unauthorized access, as well as fraudulent transactions were registered through the linked PayPal accounts.
In response to this, the Japanese company asked to all users to activate second factor of authentication, thereby ensuring an additional layer of security for user accounts. Apart from this, the company launched an investigation to clarify the matter.
Now, after analyzing what happened, Nintendo has confirmed through its Japanese website that it has suffered a hack. The security breach has affected some 160,000 accounts, whose private data has been compromised since early April.
But what exactly has happened? The corporation explains that, since the beginning of this month, there have been unauthorized access to these accounts through a login ID and password “illegally obtained by some other means than our service.”
The intruders have allegedly impersonated the Nintendo Network ID (NNID), an identifier associated with the Wii U and Nintendo 3DS consoles, to perpetrate these illegal logins. This has allowed them to enter the accounts and consult private personal data such as nickname, date of birth, country of residence, email address, etc.
In addition, in the event that the user had the same password for a NNID and a Nintendo account, the intruders have also been able to use the associated credit card or PayPal account to make purchases in My Nintendo Store or Nintendo eShop.
To solve the problem, the company has eliminated the possibility of accessing the Nintendo account through the NNID and has contacted those affected by email to reset their passwords. Furthermore, asked all users who have detected fraudulent purchases to report them and the company promised to cancel those fraudulent purchases.