Japanese consumer electronics and video game giant, Nintendo, had earlier admitted that over 160,000 of its gamers’ accounts had been hacked by cybercriminals. However, further internal investigations have now confirmed that another 140,000 user accounts were compromised, taking the tally to 300,000 affected accounts.
The Nintendo Data Breach
Nintendo has a unique NNID (Nintendo Network ID) for all its users. NNID acts like a user ID, which can be linked to the Nintendo account and used optionally for login purposes. However, the cybercriminals exploited this NNID login system, and illicitly gained access into the Nintendo accounts linked to it. The cybercriminals further had access to users’ nicknames, dates of birth, countries, email addresses, and other information linked to the NNIDs which posed a severe identity theft threat. The worst nightmare, however, came true when some users started reporting suspicious activities on their accounts. One of the users reported, “Someone hacked my PayPal and spent $200 on Nintendo games.”
Even after revising the numbers, Nintendo confirmed that less than 1% of all NNIDs around the world may have been illegally logged in been fraudulently traded.
Nintendo informed its users in an official release that due to the amount of damage caused and as a foot forward in a secure direction it is “now abolishing the function to log in to a Nintendo account via NNID.” As part of additional security measures, Nintendo informed its users of a sequential password reset for all affected NNIDs and Nintendo accounts. It has also urged its users to integrate a two-step verification process and usage of different passwords for all their NNIDs and Nintendo accounts to prevent such mishaps in the future.
It is essential to find and report new threats as users can take further measures to avoid identity theft and subsequent monetary losses.