Nintendo announced that 300,000 Nintendo Network ID (NNID) accounts were compromised by hackers as part of the security breach the company reported last April. Login IDs and passwords were obtained illegally and have been used since the beginning of April to gain access to the accounts.
Nintendo Network IDs are used for the 3DS and WiiU game consoles allowing users to link their systems to a shared wallet. Since 3DS and Wii U users can also link their accounts to Nintendo Switch’s Nintendo Account, data may also be compromised if users had the same password on both their NNID and Nintendo Account.
How bad is this?
Hackers may have used the compromised account information to buy digital items from the My Nintendo Store or Nintendo eShop, using stored credit cards or PayPal log-ins. Customer email addresses, nicknames, and dates of birth may have also been compromised which could be used to log in to other accounts using the same information. Some Nintendo Switch users reported that an unauthorized third-party had assigned the users’ account and games to the third-party’s Switch, rendering them unable to play games they had paid for.
Am I affected?
Nintendo reached out to all affected customers to help take additional steps and keep affected users protected. If you were affected, you should have received a notification from Nintendo.
How can I address this risk?
There are two things that you should do:
- Change the passwords associated with both your Nintendo Account and your Nintendo Network ID.
- Set up two-factor authentication on your Nintendo Account, which adds an extra layer of security on top of your password.