Nintendo is on fire right now, busting records with their Animal Crossing: New Horizons and Switch sales, but success has a way of attracting bottom feeders and criminals and the company has admitted over 160,000 Nintendo Accounts have been accessed in a major privacy breach. A Nintendo Account is required in order to access online services or buy digital games on a Switch. If you’ve been hacked, private details, including your address and email, may have been exposed. Thankfully, credit card and PayPal data can’t be accessed just by logging into a Nintendo Account, although, hackers can and have used payment methods on file to buy things.
Most, if not all of the unauthorized logins happened through the Nintendo Network ID system (you can also log in to a Nintendo Account via Twitter, Facebook, and Google). The ability to log in with a NNID has now been shut off. In a statement, Nintendo claims their own databases and servers have not been compromised, meaning the hackers logged in using passwords and information gained elsewhere – so, in other words, if your Switch has been hacked, you’ve got a bigger security issue on your hands. Change all your passwords now.
We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts. While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo's databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.
As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.
During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access. We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users' data.
Nintendo is encouraging Switch owners to set up two-step verification for their Nintendo Accounts. You can learn how to do that, right here.
I definitely urge Switch owners check for any sort of strange account activity as soon as possible. Has anybody out there been affected by this breach?