Nintendo Admits 160,000 Accounts Compromised In Global Hacking Campaign

Nintendo Switch
Hackers recently targeted Nintendo Switch owners, leading to the recommendation that users enable two-factor authentication (2FA), which is generally solid advice anyway. In the aftermath of the hacking campaign, Nintendo is no longer allowing Switch owners to log into their Nintendo accounts through a Nintendo Network ID (NNID). Nintendo also confirmed how many accounts were compromised.

According to Nintendo, around 160,000 accounts were hacked. On those accounts, hackers were able to see nicknames, genders, dates of birth, country/region information, and email addresses.

Nintendo also acknowledged that hackers may have illegally made purchases on affected accounts using existing balances, credit cards, and PayPal accounts belonging to the victims. This could have occurred if someone used the same password for their Nintendo account and NNID.

"We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," Nintendo said in a statement (translated from Japanese).

Nintendo also said it is resetting passwords on affected accounts, and is notifying those users by email. When setting up a new password, Nintendo reiterates it should be entirely unique, and not one that is already used for any other service. When we talk about sensible computing habits, this is one of the things we mean.

In case it's not obvious, the reason unique passwords should be used for different accounts is to protect against a single security breach affecting multiple accounts at the same time. At the very least, it's a good idea to use different passwords for accounts that matter, like banking institutions and any services that are tied to payment methods and/or contain personally identifiable information.

How To Configure Two Factor Authentication On Your Nintendo Account

Setting up two-factor authentication is not difficult, though there are several steps involved. Fortunately, you only have to set this up once. Here's how...
  1. Go to the Nintendo Account website and sign in to your Nintendo Account.
  2. Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
  3. Click 2-Step Verification settings.
  4. Click Send email to have a verification code sent to the email address on file.
    • If the email address is incorrect, click the Email address menu setting under User Info to change it.
  5. Enter the verification code from the email, then Submit.
  6. Install the Google Authenticator app on your smart device.
  7. Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
  8. A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
  9. A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe. 
    • A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
    • You can use these (one time each) if you do not have access to the Google Authenticator app.
  10. Click I have saved the backup codes, then OK.
    • Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.
Once you have done this, it will be far less likely that someone will gain unauthorized access to your account.