Nintendo Confirms Breach of Up to 160,000 Accounts

Nintendo has confirmed that hackers have been accessing Nintendo Accounts, and pinned the problem down to a Nintendo Network ID (NNID) login method.

A new report from The Verge explains Nintendo has confirmed that up to 160,000 Nintendo accounts have been accessed in a massive data breach that exploited accounts with no two-factor authentication enabled.

Earlier in April, there was a sharp increase in the number of Nintendo users reporting that their accounts had been hacked and accessed from remote locations around the world. Some users even reported losing money as a result of having credit card or PayPal details associated with their Nintendo accounts.

The breach began in early April, and linked to its Nintendo Network ID login system, the company said on its Japanese support site. Nicknames, date of birth, country/region, email address, and gender associated with the NNIDs and Nintendo Accounts that were compromised as part of the breach may have been exposed, Nintendo warns. Some accounts may have been used for fraudulent purchases, including large amounts of Fortnite‘s in-game currency, V-Bucks, according to reports from affected users.

Nintendo says it will reset the passwords of affected accounts, and that users will be notified by email. The company recommends enabling two-factor authentication for your Nintendo Account, and using separate passwords for NNID and Nintendo Account logins.

The Japanese consumer electronics giant said it is also resetting passwords for the affected accounts — but it also advised players to set up two-factor authentication to add another layer of security to their accounts.

“Users will be notified by email to reset your Nintendo Network ID and Nintendo account,” according to the translated version of the statement. “If you have already logged into your Nintendo account via your Nintendo Network ID, please log in using your registered Nintendo account email address or login ID.”

Nintendo has asked any users who have lost money through the attacks to contact the company to cancel purchases and enable the company to investigate purchase history.