Nintendo has announced that there has a been a breach of security concerning its older online service known as "Nintendo Network ID" (NNID). They say that up to 160,000 accounts have been affected by the breach.
They have also confirmed that some new "Nintendo Accounts," which are used on the Nintendo Switch and in their smartphone games, have also been accessed through linked NNID accounts that have been compromised.
The data most likely to have been obtained through this breach are things like nicknames, dates of birth, email addresses, and more. Credit card numbers are not thought to have been obtained. However there may be a chance that unauthorized payments may have been made using the payment methods registered to the compromised accounts.
・Disabled the ability to log in to a Nintendo Account using an NNID
・Reset the passwords of accounts that may have been compromised
in response to the breach.
Users who may have been affected have been contacted by email, and the next time they try to log in to their accounts they will be asked to reset their passwords.Nintendo has a number of current and outdated services, so to help make things clearer:Nintendo Network ID (NNID)
is the service created for and used by the Nintendo 3DS and Wii U. This is the account type that has been compromised at this time.
The information that may have been leaked includes the nickname, date of birth, country/region, and email address
registered to the NNIDNintendo Account
is the current account type used by the Nintendo Switch and in Nintendo's smartphone games.
This is separate to the NNID, but as Nintendo offers a "log in to your Nintendo Account with your NNID" function, if an NNID has been compromised then there's a chance that a connected Nintendo Account may also be vulnerable.
In that case, the information that may have been leaked includes the name, date of birth, gender, country/region, and email address
registered to the Nintendo Account.
In response to the breach, Nintendo has explained that in relation to the unauthorized logins "there is currently no evidence pointing towards a breach of Nintendo's databases, servers, or services."
We can assume that this means Nintendo has determined that the breach did not occur as a result of unauthorized access to their services.
・Check your email
What to do Next
Nintendo has reset the passwords of any NNID/Nintendo Accounts that may have been affected and sent an email to the owners. Be aware that even if Nintendo has not contacted you, there is a chance that your account has been compromised.
And if you do get a message, make sure to check that it isn't a fraudulent email
asking you to "reset your password as soon as possible."・Reset your password
It's important to not use a password you've already used on another service.・Check your recent purchases to see if any unauthorized purchases have been made
Credit card numbers may not have been leaked, but there is a chance that purchases have been made using the credit cards and PayPal accounts registered to the NNID. If this has happened then Nintendo will investigate your case and cancel any unauthorized purchases made.
Nintendo will be investigating the cases in order, so there is no need to contact support about this issue. Nintendo is currently running a reduced support service due to the coronavirus pandemic, so it is expected to be unusually busy for the foreseeable future. If you don't receive a response in some time then you should contact Nintendo, as it may be the case that they have not been made aware of your case.・Set up a Two-Step Verification on your Nintendo Account (Recommended)
If you have a two-step verification then even if your login email address and password are leaked, as has happened this time, you still need to verify your identity on your smartphone to log in, meaning you're protected from third parties gaining access to your account.Important Notice on the Unauthorized Access to some "Nintendo Network ID" Accounts and Request to Improve the Safety of your "Nintendo Account"｜Support Information｜NintendoThis article was originally written in Japan. The images and content are as they were in Japan at the time of writing.