Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Nintendo Privacy Security

Nintendo Accounts Are Getting Hacked and Used To Buy Fortnite Currency (zdnet.com) 23

Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. From a report: The account hijackings appear to have started mid-March and have reached a peak over the weekend when more and more users started receiving email alerts that unknown IP addresses have been seen accessing their Nintendo profiles. The way accounts are getting hacked is currently unknown. It is unclear if hackers are using passwords leaked in data breaches at other sites to also gain access to Nintendo accounts. Some users reported using complex passwords generated through a password manager, passwords that were unique to their accounts, and not used anywhere else. This suggests hackers might be using more than the classic credential stuffing, password spraying, or brute-force attacks. Nintendo has yet to release a formal statement about the attacks; however, the company has advised users earlier month on Twitter and Reddit to enable two-step verification (2SV) for their accounts, suggesting that this might prevent intrusions.
This discussion has been archived. No new comments can be posted.

Nintendo Accounts Are Getting Hacked and Used To Buy Fortnite Currency

Comments Filter:
  • Perhaps this will hammer home that THERE IS NO COMPLETE SECURITY ON THE INTERNET. And perhaps responsibility for losses will shift to vendors rather than end users.
  • Any business that lets you store some sort of virtual currency in an account needs to be regulated like a bank.
  • The obvious answer here is to remove fortnite from the Nintendo platform. Remove the incentive for fraudulent activity and the fraud will stop.

    • They wouldn't even have to remove it. They'd just have to stop giving it away for free. I'm thinking a minimum price of about 5$ would eliminate most the fraud.

  • All of these games whos target audience are younger kids, usually either spam links via ingame chat (not the case here since there is no text chat) to an official looking, credential stealing website to get free game currency. They "log in", nothing happens, they forget about it, then some time down the road, their account is picked off. The other is simply setting up a bunch of googlable websites for "free vbucks" and the victims will come to you and enter whatever account credentials you prompt them for.
  • To update my account to enable 2FA - only to be met with Google's fucking Captcha - so I gave up.

    No wonder accounts are getting hacked - Nintendo obviously wants to make it impossible for users to log in to secure their accounts!

  • Nintendo's implementation of 2FA uses an app instead of a code sent to your phone or email.

    Nintendo prompts you to download the Google Authenticator app, but I understand other similar products may work.

    The problem is, Google could inadvertently lock you out of your Nintendo account, and can use analytics on how you use their app, what device, and where, etc.

    The privacy issues of using other products is unknown.

    Or, you could simply remove your payment method from your account .
    • That is not how MFA apps work. The only way google could lock you out is if they could remove the app from your phone. MFA apps like google authenticator are local, nothing is processed on google's servers. I use authy for example instead of google auth. It works with Nintendo.

      In addition, nintendo gives you one time rescue codes that bypass the MFA app. So at a minimum you can log in and disable MFA.

    • by kfet ( 1155023 )

      The privacy issues of using other products is unknown.

      LastPass Authenticator seems like a safe bet, and I'm sure there are other alternatives.

    • by bsolar ( 1176767 )
      The Google Authenticator App is just one of the many apps implementing well known standard One-Time-Password algorithms. If you don't like their app you can chose among many other perfectly compatible alternatives, some of them even open source.

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...