Are you a fan of Nintendo's gaming consoles? Do you have a Nintendo Switch, a Wii U, Or Nintendo 3DS? Yes? You might have been hacked.
Since the beginning of April 2020, almost 300,000 Nintendo accounts have been hacked by exploiting the legacy Nintendo Network IDs (NNID) authentication system.
NNID is a unique username and password based authentication method used mainly for older Nintendo 3DS and Wii U consoles. However, users can simply create an account using an email address on the newer Nintendo Switch console, although it was possible to link it to their NNID.
The hack was first discovered in April, when the company stated that users will no longer need to use the IDs to log in to their accounts and that breached accounts will be reset. The company previously accounted for a total of 160,000 hacked accounts, however, upon further investigation, that number was found to be almost twice as large.
The impact and the response
The hack came into light when social media users started complaining about missing funds from their Nintendo accounts, where in most cases, these funds were used to buy Fornite’s virtual currency.
The threat actors were also able to see users’ birthdates, email addresses, and region of residence. However, no credit card information was stolen, as reported by the company.
The victims of the hack will receive password resets via email from Nintendo and log in through NNID has been eliminated. Nintendo also advised users to check their purchase history for any unauthorized transactions.
The bottom line is that if something is connected to the Internet, there are going to be probable hacking attempts on it. Users should enable two-factor authentication (2FA) mechanism to protect their online accounts from such hacks.