Vents MagaZine Music and Entertainment Magazine
Related Articles
Back in April 2020, Nintendo suffered a huge breach, compromising around 160,000 accounts in the process. Now, in June, Nintendo revealed that 140,000 additional accounts have been accessed maliciously, updating the numbers to a whopping 300,000.
The company figured out the exact hacked accounts’ number after proceeding with the investigation. It then took it to its website and broke the news in a statement written in Japanese.
Unfortunately, Nintendo did not confirm how the hacking attempt occurred. It only stated that the login ID and passwords were illegally obtained from somewhere other than their service itself. Possibly by using other means of hacking.
It’s likely we are talking about one of three alternatives: Credential stuffing, Phishing, or Brute Force. We don’t know what went on, but we sure do know what the aftermath of the breach was. Here’s everything you need to know.
Nintendo’s NNID Breach – What Was Harvested?
Nintendo Network IDs allowed users to download content and link their systems to a shared wallet. This goes specifically to those who operate a 3DS or Wii U.
However, with Nintendo Switch, there was a new account system in place, but 3DS and Wii U owners could link their accounts.
In other words, if one is compromised, hackers can get a hold of everything. Nintendo also mentioned that using the same password on all your Nintendo devices might have drastic repercussions.
Those who use the same password on the NNID and Nintendo accounts find their virtual coins balances and linked PayPal accounts misused at the Nintendo eShop.
In fact, Nintendo’s social media exploded with users claiming that their money was used to buy Fortnite’s virtual currency, V-Bucks. Not to mention the ability to log in and play other users’ games.
In a statement, Nintendo said that less than 1% of the targeted individuals suffered such a fate. Only 1% of the accounts have been used to make fraudulent transactions.
We don’t know if Nintendo has refunded the targeted customers yet or is willing to in the near future.
Aside from using the accounts to pay for coins, the hackers were able to collect personal data about the individuals. This includes the country or region they reside in, data of birth, and email addresses.
What Does Nintendo Have to Say?
Nintendo started sending emails to the affected users, asking them to change their passwords immediately. Moreover, the company also urged them to turn on Two-Factor Authentication for an extra layer of security.
This way, they’ll have a second method of verification that requires a specific code for each new login. With that said, here’s what Nintendo stated on their website:
“While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services.
As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.”
As we stated above, Nintendo did not and apparently, does not intend to reveal the methods used during the breach. This is backed up by the following official statement as well:
“During the investigation, in order to deter further attempts of unauthorized sign-ins, we will not reveal more information about the methods employed to gain unauthorized access.
We apologize for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.”
Final Words
Sharing the same password across accounts and services is always a bad idea. It simply makes life even easier for cybercriminals to collect your personal information and use it in their own malicious acts.
Security awareness is always advisable, which is why dedicated websites for such information exist. We stumbled upon The VPN Guru, which provides comprehensive guides on how you can enhance your security and protect your privacy. It’s your personal data on the line in the end, and it’s no joke.
