Major game maker, Nintendo is the latest victim of a data breach. Their network saw 160,000 accounts compromised after a hack.
Remember the great Playstation outage of 2011? The one that resulted in an at the time staggering 70-77 million users being put on fraud alert? The one that resulted in the filing of multiple class action lawsuits? That same one where Sony executives in a press conference famously bowed to the audience in a sincere form of apology? For me, that was a story that went from a somewhat noteworthy outage to one of the biggest stories I’ve ever covered. All I could do as a journalist is just hang on for the ride as the story spiralled out into epic proportions. The damage to Sony’s reputation as a secure company was incredible.
Of course, if you think that Sony is the only one of the big three game manufacturers to have an incident like that happen to them, you’d be wrong. As we say over and over again, no organization is completely immune to these things. While it is (so far) not as big by any means, Nintendo is now taking their turn in the “our network got breached” game. Reports surfacing say that a hacker gained access to Nintendo’s gaming network and stole the credentials from an estimated 160,000 Nintendo users. From Threat Post:
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system.
Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims’ accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo’s online stores, such as V-Bucks, in-game currency used in Fortnite.
In a Friday statement, Nintendo said that attackers have been abusing its NNID (Nintendo Network ID) legacy login system since the beginning of April to hack into the accounts. NNID was primarily used for the Nintendo 3DS handheld and Wii U console (both now discontinued). This is different from a Nintendo account, which is used for the Nintendo Switch (Nintendo’s most recent gaming console, released in 2017).
A NNID can be linked to a Nintendo account and used as a login option. If attackers were able to access a linked NNID, they could then access the linked Nintendo account. From there, they’d have access to payment methods (via PayPal or payment cards) necessary for making in-game purchases.
Attackers may have also been able to access users’ nicknames, dates of birth, countries and email address information, all of which were associated with the NNID, Nintendo warned. Credit card data was not accessed.
Nintendo responded by shuttering access via the Nintendo Network ID system. Additionally, Nintendo is resetting the passwords of accounts affected by the breach. So, if anything, we are seeing some good initial first steps on Nintendo’s part if that counts for anything.
April has been a pretty active month for security incidences. First, we saw the 5.6 million account data breach from Marriott Hotels. That was followed up by the San Francisco International Airport getting hit with a breach which saw 2 websites affected. After that, there was the Aptoide data breach which saw 39 million accounts compromised. Finally, there was the rather cruel COVID-19 SBA disaster relief program data leak which saw 8,000 businesses compromised.
If anything, this shows that April is not yet done on this front. At the very least, the month is ending with a bang with a particularly big name getting hit.
Drew Wilson on Twitter: @icecube85 and Facebook.