Nintendo Confirms 140,000 Additional User Accounts Breached During Recent Hack
Towards the end of April, Nintendo issued a notice saying login details for as many as 160,000 Nintendo accounts had been compromised as a result of a data breach. In actuality, the number of affected accounts is nearly twice as high—Nintendo this week provided an update on the matter, saying it has identified an additional 140,000 users accounts that "may have been accessed maliciously."
The new figure is not part of a separate hack, but the result of Nintendo's ongoing investigation into the matter. As discovered in April, hackers were able to exploit Nintendo Network IDs (NNIDs). These were mainly relevant back in the days of the Wii U and Nintendo 3DS, but could be linked to a Nintendo Account to share eShop funds across different systems.
in the aftermath of the attack, Nintendo stopped allowing the practice of logging into a Nintendo account with an NNID. The company also had reset the passwords on affected accounts, and is the doing the same thing on the new batch of accounts it has identified as being compromised. Those affected should receive an email from Nintendo.
The addition of 140,000 affected accounts brings to the total number to around 300,000. That is no small figure, though according to Nintendo, less than 1 percent of NNID accounts may have been used to make a fraudulent purchase. In each of those cases, Nintendo will be issuing a refund to the rightful account holder, if one has not been issued already.
On affected accounts, hackers were able to see the user's nickname, date of birth, country/region, and email address. Fortunately, they were not able to see any credit card details.
As with before, Nintendo continues to recommend enabling two-factor authentication (2FA) to add a layer of protection against this sort of thing.