Click to Skip Ad
Closing in...

Nintendo says 160,000 accounts were hacked in security breach

Published Apr 24th, 2020 3:05PM EDT
Nintendo Account hack
Image: Nintendo

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

  • Nintendo of Japan confirms that around 160,000 Nintendo Accounts were illegally accessed by using the connected Nintendo Network IDs (NNIDs).
  • Hackers were able to see the nickname, email address, country, and date of birth of the account, as well as make purchases with credit cards and PayPal accounts.
  • Nintendo says that hackers couldn’t actually see credit card numbers, thankfully.
  • Visit BGR’s homepage for more stories.

Days after reports of Nintendo Accounts being accessed by unauthorized parties began to surface online, Nintendo of Japan has confirmed that there was indeed a breach. On a new support page, the company says IDs and passwords have been “obtained illegally by some means other than our service” to log in to Nintendo Accounts using Nintendo Network IDs (NNID), and reveals that this has been happening since the beginning of April.

In order to address the issue, Nintendo has disabled the ability to access a Nintendo Account using an NNID, and has reset the passwords of every Nintendo Account that might have been affected by the breach. NNIDs were used on the Wii U and 3DS, and were once expected to serve as the account system standard for future Nintendo hardware, but the NNID was all but replaced by the Nintendo Account when the Switch launched.

Nintendo says that it will notify affected users by email when their NNID and Nintendo Account passwords have been reset. If you receive one of these emails, be sure not to use a password you’ve used before. Also, if you were logging into your Nintendo Account with your NNID, use your Nintendo Account information instead in the future.

Furthermore, if you were using the same password for your Nintendo Account and your NNID, Nintendo says hackers would have been able to use whatever balance was remaining on your account as well as your registered credit/debit card or PayPal account to make purchases from My Nintendo Store and Nintendo eShop. If you find an unauthorized transaction on your account, get in touch with Nintendo to have the money refunded.

According to Nintendo of Japan, around 160,000 Nintendo Accounts were potentially accessed since early April, and third parties may have seen your nickname, date of birth, country or region, and email address. Nintendo says those third parties wouldn’t have been able to see your credit card number, though. Nintendo urges everyone who has yet to do so to set up two-step verification on their Nintendo Accounts going forward.

The silver lining here is that anyone who didn’t own a Wii U or a 3DS should be fine. The root of the problem appears to be the Nintendo Network ID, and if you bought a Switch to play Animal Crossing: New Horizons after skipping the Wii U and 3DS era, you don’t have an NNID that could be used to infiltrate your account. Nevertheless, even if you don’t have an NNID, everyone with a Switch should set up two-step verification.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.

More Tech