Throughout the month of April, , users of online Nintendo accounts on devices like the Switch have reported receiving email notices that their accounts have been accessed by outside parties. Are you of 1 of them? Click "Read More" to know.
The plain-text email notice from Nintendo looks something like this, with the title "[Nintendo Account] New Sign-In". The notice included the following sign-in details: {a (XXX) timing ; the sign-in taking place via the (Chrome/Safari/Firefox and etc) browser, and a location estimate of "(Country/Location)," which the email says is "estimated based on the IP address used."
IP addresses generally pin users down to the county level when traced in the United States, and they are often as specific as individual cities or states. Nintendo has now issued a statement (here) confirming up to 160,000 Nintendo Accounts have been affected by the recent breach. Nicknames, date of birth, gender, country/region, and email address information may have been viewable by hackers, the company says. There's no indication that credit card information was visible to hackers, though, even as some accounts may have seen illegitimate purchases through linked payment information.
Nintendo says it has discontinued the ability to link outdated Nintendo Network IDs to Nintendo accounts, which appears to have been the main vector for the credential-stuffing attacks. Compromised Nintendo Network IDs will have their passwords reset automatically.
Nintendo continues to urge its users to activate two-factor authentication on their accounts to prevent any further breaches. In the meantime, we encourage anyone who has ever used an online Nintendo service to change their passwords, un-link payment credentials and switch on two-factor authentication (2FA). They are accessible at the "security" sub-page (https://accounts.nintendo.com/security). Keep your account safe during the circuit breaker to ensure you are not log out of your account. Stay safe! Cheers. Comments are closed.
|