Nearly 160,000 Nintendo Accounts Compromised In Massive Hack

Nintendo has confirmed that about 160,000 Nintendo Network ID accounts have been compromised since the beginning of April. Digital Trends reports: The Japan-based video game company says login ID and password information of these profiles were obtained "illegally by some means other than our service" and in response, it's freezing the ability to log into a Nintendo account through Nintendo Network ID (NNID). Nintendo began looking into a potential breach after several players reported suspicious logins and fraudulent transactions for digital items like Fortnite VBucks through linked PayPal accounts earlier this month. Nintendo's investigation revealed intruders may have accessed personal data such as nicknames, dates of birth, country of residence, and email addresses.

Plus, for users who used the same password for an NNID and Nintendo account, it's warning that their "balance and registered credit card/PayPal may be illegally used at My Nintendo Store or Nintendo eShop." In addition to halting Nintendo Network ID (NNID) logins, Nintendo is reaching out to affected customers via email and resetting their passwords. It's also recommending enabling two-factor authentication to everyone. Despite this, Nintendo is asking users who have discovered fraudulent transactions in their accounts to contact the company so it can cancel the purchases and possibly for initiating refunds.

No wonder...

[Sebby]

I tried to update my account to enable 2FA earlier this week - only to be met with Google's fucking Captcha - so I gave up.

No wonder accounts got hacked - Nintendo obviously wants to make it impossible for users to log in to secure their accounts.

Re:

[LenKagetsu]

To play devil's advocate, that captcha is probably what prevented these accounts from getting 2FA'd by the hackers.

Re:

[AmiMoJo]

You couldn't be bothered to spend a few moments solving the captcha even when it's your money on the line?

It's annoying but come on...

A Succinct-ish Summary

[ewhac]

Checkpoint did a pretty good job of covering this issue [youtu.be] yesterday.

storing passwords!

[bloodhawk]

fuck me dead, how in this day and age does a company like nintendo store passwords. When will they fucking learn, they deserve to be fined into oblivion.

Re:

[AxisOfPleasure]

Two things spring to mind.

1. Good developers want to do the right thing as any dedicated professional does, they get the code together, they test it and POC it, they then lay out how much time they need to ensure it'll work. The management see all that time spent on securing the system as "wasted time" which doesn't bring any money into the company 'cos it will delay the project, so they simply demand a "good enough" solution so the project can be kept on track and the management will get their on-time deli

Re:

[TheRealMindChild]

This isn't a hacked database. I commented what is happening on an earlier story, but it was stale and probably unseen. All of these games whos target audience are younger kids, usually either spam links via ingame chat (not the case here since there is no text chat) to an official looking, credential stealing website to get free game currency. They "log in", nothing happens, they forget about it, then some time down the road, their account is picked off. The other is simply setting up a bunch of googlable

Welcome to Japan

[skovnymfe]

Japan doesn't use off-the-shell anything, they develop all their software in-house, from browsers and email systems to security subsystems.

You can bet your ass all the logins are stored in clear text next to their associated credit card information and sexual preferences in an unencrypted and unprotected database.