One of Nintendo
’s main fan sites, Club Nintendo, was reportedly the subject of nearly 24,000 illicit logins over the course of the last month, which led to cybercriminals possibly making off with people’s real names and personal information such as email addresses, physical addresses, and phone numbers.
Club Nintendo lets users accrue gamer points, or “coins”, which they can then trade in for promotional items; fortunately, though, the points are not related to real currency in any way, and Club Nintendo apparently doesn’t have any financial data for its users, so there’s no concern on that front.
Hackers gained access to the site using login
credentials gleaned from another source (or sources), and among some 15 million login attempts, 23, 926 hit paydirt. The site realized that there was a problem after noticing the exceptionally large number of login errors. Thus, this was more of a brute force attack than any particular security flaw in Club Nintendo, but it’s a bit worrisome that there was no action taken after a few million failed logins.
Nintendo suspended the accounts that were hit and sent out an email alerting customers to change their passwords.
This attack follows a similar one
last week, although there’s no indication that the events are related.