June 11, 2020, Kathmandu
On April 24th, Nintendo confirmed a hack of over 160,000 gamers’ accounts as hackers exploited the Nintendo Network ID (NNID) login system. The Japanese video game giant stated in an official release that attackers illicitly gained access to users’ login IDs and passwords. Furthermore, this led to a series of unauthorized logins and purchases.
Now, it has confirmed the breach in another 140,000 user accounts upon further investigations. This boosts up the breach tally to a total of 300,000 accounts.
What is NNID?
A Nintendo Network ID (NNID) is like a user ID and is unique to each Nintendo user. Users can access their Nintendo account through it and also optionally use it for login purposes.
NNIDs are mostly used for online features that include online multiplayer or interactions. In fact, users can purchase downloadable software through Nintendo eShop on Wii U and Nintendo 3DS using NNIDs.
Also Read: GoDaddy Confirms Data Breach Involving SSH Access on Hosting Accounts
The Nintendo Data Breach
By now it’s pretty much clear that hackers gained access to NNIDs or the Nintendo accounts linked to it. However, cybercriminals also gained access to users’ nicknames, email addresses, dates of birth, countries, and other personal information.
It was just enough to pose a major identity theft threat. In fact, some users filed complaints of suspicious activities on their accounts. One of the users took on to twitter (@vexonym) and said, “Someone hacked my PayPal and spent $200 on Nintendo games?!”
Nintendo also confirmed that less than 1% of all NNIDs around the world that may have been illegally logged in, been fraudulently traded.
It claims that it has contacted the customers separately and is implementing additional security measures. Although it may have finished refunding for most customers, it is still in the process of refunding in each country.
The company expresses its sincere apologies for the inconvenience and concern caused to its customers.
Following the incident, Nintendo has officially abolished the function to log in to a Nintendo account via NNID. Moreover, it has requested the customers to reset their passwords and integrate a two-step verification process to prevent such mishaps in the future.
Check out the top 4 ways to handle a data breach.