Nintendo hacked. Details of 160,000 accounts leaked. Hackers can spy through Nintendo Switch

Recently, hundreds of Nintendo console users reported various signs of suspicious activity on their accounts through social media. According to network perimeter security experts, these alleged attackers entered users’ accounts to use their payment cards and purchase products from Nintendo’s digital store.

Just a few hours ago Nintendo acknowledged the incident, mentioning that these threat actors attacked the Nintendo Network ID (NNID) login system in early April, compromising users’ accounts. This system is mainly used by console owners such as Nintendo 3DS and Wii U, which are no longer supported. It should be noted that this is a different system from that used by Nintendo Switch users, which requires a Nintendo account.

According to network perimeter security experts, an NNID account can be linked to a Nintendo account and used as a login option. In the event that a threat actor accesses a linked NNID, it could easily access the corresponding Nintendo account. Once inside the account, hackers would have access to the victim’s payment cards and even their accounts on payment systems like PayPal.

The company did not provide technical details about the intrusion, although it added that the hackers obtained NNID accounts illegally through a third party. In response, Nintendo disabled the feature to access Nintendo accounts using NNIDs, in addition to having reset the passwords of the compromised accounts, the network perimeter security experts mention. 

User reports also mention that threat actors might also have modified some data in users’ profiles, such as “nicknames”, dates of birth, place of origin, and email address associated with NNID. Not everything is bad news, as Nintendo claims that users’ credit card data was not compromised during the incident, so hackers only used it inside the virtual store.

This incident demonstrates that the gaming community is a frequent target of threat actors, experts from the International Institute of Cyber Security (IICS) mention. Recently the code of two popular video games was leaked, which caused various problems for developers and users. As if that wasn’t enough, experts warn about a new variant of ransomware that could affect thousands of Fortnite players.