After announcing about 160,000 accounts had been accessed with no authorization, Nintendo now reports that as many as 300,000 customer accounts were compromised in April. Over twice the originally reported number had been illegally accessed, the company announced in a statement. Nintendo says the breach was likely the result of customers using the same password in multiple accounts online.
Breached accounts that are linked to PayPal had several transactions for Fortnite currency appearing on connected debit/credit cards. Account nicknames, dates of birth, country/region, email address, and gender information were all exposed in the breach. After several complaints, Nintendo began disabling the ability for folks to log into their Nintendo Accounts using a Nintendo Network ID (NNID).
Although the function previously returned, the ability to log in via NNID has officially been discontinued. Nintendo says it will now contact the additional 140,00 users affected via email. Until then, everyone with a Nintendo account is advised to use a strong password and to change it regularly. Additionally, users should also set up two-factor authentication.
In a separate statement reported by Eurogamer, Nintendo states “while there is no evidence that Nintendo’s databases, servers or services were breached, and while we can confirm that no credit card information was compromised, we took precautionary measures to help safeguard our customers. We discontinued the ability to use a Nintendo Network ID to sign in to a Nintendo Account, and we reached out to all customers whose accounts we had reason to believe were accessed without authorization to help them take additional steps to protect themselves.”
Nintendo then directs folks who are aware of unauthorized activity to visit its site on the account recovery process.
In other gaming news, Riot Games partnered with a crisis text line to provide free mental health support.