- Nintendo of Japan confirms that around 160,000 Nintendo Accounts were illegally accessed by using the connected Nintendo Network IDs (NNIDs).
- Hackers were able to see the nickname, email address, country, and date of birth of the account, as well as make purchases with credit cards and PayPal accounts.
- Nintendo says that hackers couldn’t actually see credit card numbers, thankfully.
- Visit BGR’s homepage for more stories.
Days after reports of Nintendo Accounts being accessed by unauthorized parties began to surface online, Nintendo of Japan has confirmed that there was indeed a breach. On a new support page, the company says IDs and passwords have been “obtained illegally by some means other than our service” to log in to Nintendo Accounts using Nintendo Network IDs (NNID), and reveals that this has been happening since the beginning of April.
In order to address the issue, Nintendo has disabled the ability to access a Nintendo Account using an NNID, and has reset the passwords of every Nintendo Account that might have been affected by the breach. NNIDs were used on the Wii U and 3DS, and were once expected to serve as the account system standard for future Nintendo hardware, but the NNID was all but replaced by the Nintendo Account when the Switch launched.
Nintendo says that it will notify affected users by email when their NNID and Nintendo Account passwords have been reset. If you receive one of these emails, be sure not to use a password you’ve used before. Also, if you were logging into your Nintendo Account with your NNID, use your Nintendo Account information instead in the future.
Furthermore, if you were using the same password for your Nintendo Account and your NNID, Nintendo says hackers would have been able to use whatever balance was remaining on your account as well as your registered credit/debit card or PayPal account to make purchases from My Nintendo Store and Nintendo eShop. If you find an unauthorized transaction on your account, get in touch with Nintendo to have the money refunded.
According to Nintendo of Japan, around 160,000 Nintendo Accounts were potentially accessed since early April, and third parties may have seen your nickname, date of birth, country or region, and email address. Nintendo says those third parties wouldn’t have been able to see your credit card number, though. Nintendo urges everyone who has yet to do so to set up two-step verification on their Nintendo Accounts going forward.
The silver lining here is that anyone who didn’t own a Wii U or a 3DS should be fine. The root of the problem appears to be the Nintendo Network ID, and if you bought a Switch to play Animal Crossing: New Horizons after skipping the Wii U and 3DS era, you don’t have an NNID that could be used to infiltrate your account. Nevertheless, even if you don’t have an NNID, everyone with a Switch should set up two-step verification.