Nintendo admitted that over 160,000 of its gamers’ accounts have been hacked, after hackers exploited Nintendo Network ID (NNID) login system. In an official release, the Japanese consumer electronics giant stated that attackers illegally obtained users’ login IDs and passwords and made unauthorized logins and purchases. A NNID is like a user ID, which can be linked to Nintendo account and used as a login option. If an NNID is compromised, the attackers can access the Nintendo account linked to it.
The company revealed that hackers may have accessed users’ nicknames, dates of birth, countries, email address, and other information linked to NNIDs. Nintendo notified the affected users to reset their account passwords and advised them to set up two-factor authentication for an extra layer of protection. Nintendo also disclosed that the registered credit cards or PayPal accounts of users linked to their Nintendo accounts may have been used at the My Nintendo Store or Nintendo eShop. However, the company clarified that no credit card information was stolen.
Nintendo gamers have been reporting suspicious activities on their accounts over the past few weeks. According to the complaints reported on Twitter and Reddit, threat actors were logging into victims’ accounts to abuse the payment cards linked to the accounts. It is said that hackers made purchased digital goods on Nintendo’s online stores. “Someone hacked my PayPal and spent $200 on Nintendo games,” a gamer reported.
Even after the improved security measures, the data hacks have become common in the online gaming industry. Earlier, the popular online video game Town of Salem suffered a cyberattack that compromised the personal information of more than 7 million gamers. The Town of Salem is a role-playing game operated by BlankMediaGames with around 8 million users.
BlankMediaGames confirmed that its servers and databases were hacked, resulting in data theft of users’ names, emails, passwords, IP addresses, and Game & Forum Activity. The gaming company said that it never stores credit card, payment information or personal identifying information of the users. BlankMediaGames notified the users about the data breach via emails and suggested they change their passwords to prevent further loss.