Nintendo has confirmed that 160,000 accounts were accessed in hacking attempts worldwide beginning in April. They have responded by disabling the ability to log into a Nintendo account through a Nintendo network ID.
What information was stolen?
- Date of birth
- Country of origin
- Email addresses
Accounts have experienced fraudulent purchases. If you think you’ve been affected, the company is recommending you contact Nintendo so it can investigate the purchase history and cancel purchases.
In an email to affected users, the company is warning that if you’re using the same password for an NNID and Nintendo account, “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”
Details are emerging about cyberattacks against users of Nintendo’s Switch gaming console, specifically those using the Nintendo Switch Online service. The attacks have been reported by members of the gaming and media community, who claim to have experienced unauthorized access to their Nintendo accounts, as well as withdrawals from connected payment platforms, such as PayPal.
As social distancing due to COVID-19 continues worldwide, people have turned to indoor activities like streaming and gaming. As a result, video games sales are soaring—notably for Nintendo’s game “Animal Crossing: New Horizons,” which is played on the Switch. With 21% of gamers in the U.S. under the age of 18, parents who have been relying on games to distract, entertain, and educate their kids in these stressful times may want to take additional security precautions on kids’ accounts.
What’s been happening?
While the exact means of attack are still unclear, what seems to be happening is this:
Switch users with PayPal accounts linked to their Nintendo profiles have had those PayPal accounts charged for hundreds of dollars worth of digital currencies that can be used to buy games and upgrades in Nintendo’s online stores. Subsequently, hackers may have offered that currency for illegal resale. At a time when the economic security of millions of people across the globe is in question, attacks like this that affect people’s real-world finances are particularly upsetting.
Usually, these types of hacks are either the result of credential stuffing, where hackers use a database of stolen passwords to log in elsewhere because the passwords are reused, or a brute force attack, which leverages software that attempts many different login/password combinations to breach an account. In the case of the Nintendo attacks, the investigation is ongoing as to how these hackers are operating, and the company has not yet released an official statement.
How can I protect my and my family’s accounts?
Whether the Switch account belongs to you or your kids, there are a few simple things you can do to prevent an attack like this from affecting your family:
Use a strong, unique password on every account.
If this attack is a result of credential stuffing, the easiest way to prevent it is to never reuse a password across accounts. Sound like an impossible feat of memory? That’s where password managers, like Dashlane, can help. Dashlane has a built-in password generator to help you create strong passwords for new accounts and save them securely, plus in-app security alerts that notify you immediately when you need to change your passwords after a data breach.
Enable two-factor authentication (2FA).
While Nintendo has yet to release a statement, they did tweet on April 9th that their users should enable 2FA on their accounts. This is a setting that requires an additional authentication other than your password to log you in. You can get instructions for enabling 2FA on your Nintendo account here.
Consider unlinking your payment method.
We know it’s inconvenient, but until the exact method of attack is known, it may be safer just to unlink your PayPal account or any stored credit cards from your Nintendo profile.
Take a minute to shore up your account now so you can get back to the fun and games.
Looking for more info?
Visit our online safety hub for the latest breach report and a complete guide to staying secure on the internet.