Back on April 20, reports started to appear of gamers discovering their Nintendo accounts had been accessed by an unauthorized person. Even worse, was the fact linked PayPal accounts had been used to purchase Fortnite VBuck currency. At the time Nintendo didn’t publicly acknowledged a security problem, but now it has.
As The Verge reports, Nintendo posted a notice to customers on its Japanese website informing them that illegal logins had occurred. In total, some 160,000 Nintendo Accounts have been accessed without user consent. As well as PayPal accounts being used to purchase digital goods, the hacker(s) gained access to a user’s name, nickname, date of birth, gender, country, region, and email address. Thankfully, no credit card information was accessed.
Nintendo explains that the access was gained through the old Nintendo Network ID (NNID) system, which was used with the Wii U and 3DS. As Engadget reports, NNID passwords had to be entered using on-screen keyboards, making them harder and more frustrating to type, which led to weak password choices. NNID accounts can also be linked to the more recent Switch accounts, making it easy to access the PayPal account associated with it.
Nintendo decided to disable all NNID accounts to stop any further unauthorized access and has agreed to refund any fraudulent purchases. Regardless of whether your Nintendo account was accessed or not, enabling two-factor authentication will make your account much more secure going forward.