Nintendo has confirmed that 160,000 user accounts have been breached by hackers since the beginning of April. In response, users will no longer need their Nintendo Network IDs to log into their accounts, and any accounts that may have been breached will have their passwords reset (via CNN).
No credit card information has been exposed, but hackers could access nicknames, email addresses, date of birth, gender and country data in the breach. As an additional layer of security, Nintendo is asking users to set up two-factor authentication to their accounts.
“During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access,” said Nintendo in a statement. “We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.”
The issue was first noticed on Twitter by user @pixelpar, who noticed that their account had been accessed multiple times overnight, which was met by multiple users also encountering the issue.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
Speaking to VGC, Nintendo stated: “We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation. In the meantime, we recommend that users enable two-step verification for their Nintendo Account as instructed here.
“If any users become aware of unauthorized activity, we encourage them to take the steps outlined at https://www.nintendo.co.uk/Support/Nintendo-Account/Nintendo-Account-Recovery-Process-1658054.html or visit https://support.nintendo.com for general support.”