Eurogamer reports that the issue was first noticed by Twitter user Pixelpar, who claims he had his account accessed “numerous times overnight” from new locations, receiving several warning emails that alerted him to the breach. There have been similar reports since this, however, those with accounts linked to PayPal have noticed several Fortnite VBuck currency purchases.
Nintendo has confirmed the hacks are happening and agrees that the best defense against the breach is to enable two-factor authentication on your accounts. “We are aware of reports of unauthorised access to some Nintendo Accounts and we are investigating the situation,” a Nintendo spokesperson told Eurogamer. “In the meantime, we recommend that users enable two-step verification for their Nintendo Account as instructed here. If any users become aware of unauthorised activity, we encourage them to take the steps outlined,” for general support.
When visiting your user profile on the site, locate the “Sign-in and security settings” section, where a “2-Step Certification settings” option is found. From there, users can edit the setting, confirm their email address, and wait for a verification code to be sent. Once users enter the code, they can scan a barcode into the Google Authenticator app, and anyone accessing the account from then on will need to also enter a code.
In other Nintendo news, the company has upped Switch production to meet recent shortages.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020