Back in April, Nintendo posted a notice to customers informing them unauthorized access had occurred to some 160,000 Nintendo Accounts. Now it seems, that total was quite a way off because it’s just been updated to 300,000 accounts.
The unauthorized access was gained through the old Nintendo Network ID (NNID) system used with the Wii U and 3DS. Because input was limited to on-screen keyboards, users typically picked weak passwords for their accounts. NNID can be linked to a Switch account and therefore PayPal, making them a nice target for hackers who took full advantage and purchased digital goods through them.
As Engadget reports, even though Nintendo reported the 160,000 account total back in April, the investigation continued. Since then, another 140,000 accounts have been identified as being vulnerable to malicious activity. In response, Nintendo disabled the NNID system and agreed to refund any fraudulent purchases linked to the affected accounts. There’s quite a few more accounts it now has to do that for, though. The company also reset the password on each account and contacted the owners so they know what’s happened and why.
Going forward, the best thing Switch owners can do is enable two-factor authentication for their Nintendo Account. That way, even if a hacker manages to steal your password, they can’t use it without a second piece of identity verification.