Nintendo Announced 160,000 Users Impacted in Recent Account Hacks

The Japanese games company Nintendo shared that hackers managed to gain unauthorized access to about 160,000 accounts since the beginning of April.

The statement was published on their Japanese site. The company responded to the massive amount of complaints from their customers over the last week. Nintendo users took their complaints to social media websites, sharing that hackers were accessing their Nintendo accounts and then abusing the registered cards to buy other Nintendo games or Fortnite in-game currency. Security researchers are ruling out a credential stuffing attack at this time. Users are reporting they had strong passwords, unique to their profiles in Nintendo.

Account hacks are taking place through the NNID legacy system

Nintendo confirmed that a credential stuffing attack wasn't the source of the recent troubles. What the company shared was that the source of the problems was the abuse of NNID integration. NNID is the Nintendo Network ID system, a legacy login used to manage the accounts of the older Nintendo 3DS and Wii U platforms.

On the newer devices offered by Nintendo, users may link their old NNID accounts into their Nintendo profile. The company didn't share any details on what happens, but they confirmed the hackers are abusing that integration to gain access to the main Nintendo profiles of affected users. Nintendo shared they are removing the ability to log into the main accounts using the older NNID system as a response to the attacks.

Nintendo asking users to reset their passwords

The company shared that they are contacting the impacted users, asking them to reset passwords on both accounts. Nintendo recommended that users set up different passwords for every account. Customers using the same password at the moment were advised to do the same, even if they weren't targeted by the attacks yet. Users were also advised to set up two-step verification if they haven't done so already.
The company also warned customers that hackers might have had access to other information on the accounts, such as dates of birth, regions, emails, countries of origin, and Nintendo nicknames. Nintendo apologized for the inconvenience and promised they'll make further efforts to strengthen their security to prevent similar events.