The Nintendo accounts of an unspecified number of users were
compromised in the past few days in an attack from an unknown vector, at least
In just a few days, Nintendo owners noticed
that their accounts had been compromised, losing access. It’s still unclear why
this is happening because the users don’t seem to have many things in common,
with the exception of their Nintendo credentials.
The only hint of something strange going on was a mention on
the official Twitter account
of Nintendo Japan Support, which said people have been experiencing
unauthorized logins and that some of these attackers were accessing users’
credit card data.
This would imply that Nintendo fell victim to a data breach,
but the company remained silent on this possibility, except for a short
statement to VGC:
“We are aware of reports of unauthorized access to some
Nintendo Accounts and we are investigating the situation” says Nintendo. “In
the meantime, we recommend that users enable two-step verification for their
If you have a Nintendo account, change the password
immediately, even if you have had no problems. If that password is the same one
used on other online services, you need to change those ones as well.
Secondly, it’s also very important to activate two-factor
authentication, which makes it much more difficult for anyone to access the
account, even if your credentials have been exposed in a data breach.
Lastly, users should revise any linked payment methods saved
into the account. Check the banking statements for fraudulent purchases.
The fact that it’s still unclear how the attackers got their
hands on login data makes this security issue all the more dangerous. They might
just use credentials from other data breaches, but it’s difficult to take the
right measures when you don’t know what online vector needs to be secured.