Back in April a major Switch security breach came to light, with over 160,000 Nintendo Accounts being breached by hackers. Most, if not all, the unauthorized logins happened through the Nintendo Network ID system (you can also log in to a Nintendo Account via Twitter, Facebook, and Google). Nintendo claimed their own databases and servers had not been compromised, meaning the hackers logged in using passwords and information gained elsewhere. Following the hacking announcement, Nintendo shut off NNID logins temporarily and encouraged Switch users to set up two-step verification.
Well, unfortunately this story isn’t over – since initially reporting the hacking problem, Nintendo has discovered that an additional 140,000 accounts have been accessed.
We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs that may have been accessed maliciously. We have reset the passwords for these 140,000 NNIDs and the Nintendo accounts that were linked with them, and contacted the customers. Less than 1% of all NNIDs around the world that may have been illegally logged in may have actually been fraudulently traded through their Nintendo account. At the same time, we are taking additional security measures.
Nintendo has now permanently shut down NNID logins. A Nintendo Account is required in order to access online services or buy digital games on a Switch. If you’ve been hacked, private details, including your address and email, may have been exposed. Thankfully, credit card and PayPal data can’t be accessed just by logging into a Nintendo Account, although, hackers can and have used payment methods on file to buy things. Nintendo is issuing refunds for unauthorized purchases.
You can get the details on setting up two-step authentication for your Nintendo Account (which you really ought to do), right here.