Nintendo Accounts Are Getting Hacked and Used To Buy Fortnite Currency (zdnet.com) 23
Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. From a report: The account hijackings appear to have started mid-March and have reached a peak over the weekend when more and more users started receiving email alerts that unknown IP addresses have been seen accessing their Nintendo profiles. The way accounts are getting hacked is currently unknown. It is unclear if hackers are using passwords leaked in data breaches at other sites to also gain access to Nintendo accounts. Some users reported using complex passwords generated through a password manager, passwords that were unique to their accounts, and not used anywhere else. This suggests hackers might be using more than the classic credential stuffing, password spraying, or brute-force attacks. Nintendo has yet to release a formal statement about the attacks; however, the company has advised users earlier month on Twitter and Reddit to enable two-step verification (2SV) for their accounts, suggesting that this might prevent intrusions.
Re: (Score:2)
Epic kowtows to Tencent, they don't care where the money comes from.
Re: (Score:2)
The two-step authentication has been available for Nintendo accounts since 2017 [nintendolife.com].
Re: (Score:3)
If you read the article, you'll see that they are charging bank cards linked to the nintendo account, buying things like games and in-game currency. It's not monopoly money.
Re: (Score:2)
So they're using other peoples real money to buy monopoly money.
Re: (Score:2)
yes. and games.
Re: (Score:2)
Re: (Score:2)
Oh wait this is worth money and crypto currency isn't? Make up your mind slashdot!
Re: What kind of thieves are those? (Score:1)
Monopoly money and other in-game items sell well on places like eBay.
I can't imagine paying somebody else to play the game for me, that just doesn't seem like 'winning', but other people have their own priorities.
In a way, I'm glad to see this (Score:1)
Account stores virtual money? That's a bank. (Score:1)
Re: Account stores virtual money? That's a bank. (Score:1)
So that means high-karma accounts on Slashdot need to be regulated like bank accounts?
Shut down Frotnite (Score:2)
The obvious answer here is to remove fortnite from the Nintendo platform. Remove the incentive for fraudulent activity and the fraud will stop.
Re: (Score:1)
They wouldn't even have to remove it. They'd just have to stop giving it away for free. I'm thinking a minimum price of about 5$ would eliminate most the fraud.
I know how (Score:2)
Tried to log in (Score:2)
To update my account to enable 2FA - only to be met with Google's fucking Captcha - so I gave up.
No wonder accounts are getting hacked - Nintendo obviously wants to make it impossible for users to log in to secure their accounts!
2FA Uses an Authenticator App (Score:2)
Nintendo prompts you to download the Google Authenticator app, but I understand other similar products may work.
The problem is, Google could inadvertently lock you out of your Nintendo account, and can use analytics on how you use their app, what device, and where, etc.
The privacy issues of using other products is unknown.
Or, you could simply remove your payment method from your account .
Re: (Score:2)
That is not how MFA apps work. The only way google could lock you out is if they could remove the app from your phone. MFA apps like google authenticator are local, nothing is processed on google's servers. I use authy for example instead of google auth. It works with Nintendo.
In addition, nintendo gives you one time rescue codes that bypass the MFA app. So at a minimum you can log in and disable MFA.
Re: (Score:1)
The privacy issues of using other products is unknown.
LastPass Authenticator seems like a safe bet, and I'm sure there are other alternatives.
Re: (Score:2)