In a security news update, Nintendo confirmed that roughly 160,000 user accounts have been compromised. This confirmed suspicions of gamers who were reporting odd activity to the Kyoto-based company in early April. Users on websites like Reddit stated that purchase fraud and other malicious occurrences were taking place, and as a result, the company looked into the issue. The original report is in Japanese, but when translated the key points regarding the breach read as follows:
This time, using a login ID and password information obtained illegally by some means other than our service, a phenomenon that seems to have been made by impersonating login to “Nintendo Network ID (* 1, NNID)” from around the beginning of April. We have confirmed that it is occurring. We also confirmed that there was an illegal login to some “Nintendo accounts” via NNID using this impersonation login.
As a result of this development, NNID logins have been disabled for all Nintendo accounts. The company states in the notice that they will send out, via email, new login information for the NNID. According to Nintendo, there is a set amount of data that the compromising party had access to. This data includes a swath of things used in identity theft like date of birth, country of origin or current residence, and email addresses. The only saving grace of this particular breach, at least according to Nintendo, did not expose credit card data. To be safe, all Nintendo users should monitor their banking statements and also consider signing up for an identity theft protection service.
In all honesty, though Nintendo has admitted that accounts were compromised and apologized for this breach, it in some ways rings hollow. If anything, as a multibillion-dollar corporation, they should be offering theft protection services to all affected customers for free. One thing is certain, this is bad PR for the beloved gaming company and it will take time to repair user trust.
Featured image: Wikimedia