160,000 accounts have been illegally accessed.
Since the beginning of the month, Nintendo has been receiving an increased number of reports from users claiming their accounts have been accessed by an unknown third party. Today, Nintendo officially announced that at least 160,000 accounts have been accessed by hackers. According to the company, hackers utilized login information “obtained illegally by some means other than our service” to access the accounts.
In order to deter further hacking, Nintendo has disabled their Nintendo Network ID legacy login function. To clarify, the Nintendo Network ID was a separate account users made for Nintendo’s previous systems, the 3DS and Wii U, that could be linked to a normal Nintendo account used on a Switch. If the Switch account’s credentials were lost, one could still log in through their Nintendo Network ID. Nintendo has determined, however, that these legacy logins are a highly vulnerable avenue of attack for hackers, and have completely shut them down.
Any user that has been confirmed to have had their account illegally accessed has had their password reset and been sent an official notice from Nintendo. According to testimonials from hacked users, the hackers have primarily been using stored payment information to purchase VBucks, the premium currency used in the game Fortnite, in bulk. Nintendo has requested that any affected user contact them so they can check their purchase history in an effort to cancel the hackers’ purchases.
Nintendo has advised all users to enable two-step verification on their Nintendo account using a smartphone and the Google Authenticator app.