Earlier this week, we covered a brewing storm in the Nintendo community, as swarms of Switch owners and Nintendo users reported their Nintendo accounts had been hacked and allegedly used to purchase illicit goods. At the time, Nintendo told Eurogamer that it was “aware of reports of unauthorised access to some Nintendo Accounts and [was] investigating the situation,” while recommending enabling two-step verification on users’ accounts.
Now we know there was indeed a database compromise, as today Nintendo confirmed that “about 160,000” Nintendo Network IDs and Nintendo accounts have been accessed by a third party going back to early April, with said hackers able to acquire information like “name, date of birth, gender, country/region, [and] email address” – but not credit card numbers. Apparently the problem isn’t specific to Switches but rather to players who were using their NNIDs from the Wii U and Nintendo 3DS days. Nintendo has now severed the linking of those accounts and is resetting passwords for everyone affected.
“If you use the same password for your NNID and Nintendo account, your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. Please set different passwords for NNID and Nintendo account. In addition, if damage such as purchase history that you do not know is found in your Nintendo account related to this unauthorized login, conduct an individual investigation and then cancel the purchase etc. We will respond. Please wait as we will proceed with the procedure in sequence.”