Nintendo Disables User NNID Logins After Hackers Compromised 160,000 Accounts

Nintendo confirmed that hackers breached the accounts of 160,000 users by compromising their Nintendo Network ID (NNID) logins. The company has therefore disabled the NNID of users and initiated an automatic login reset for all registered users. The gaming company has also urged all users – even those whose accounts were not compromised – to enable two-factor authentication to prevent future hacking attempts.

Nintendo investigations found that the hackers began breaching user accounts in early April. While there is no evidence that the hackers accessed the credit card information of users, it is evident that they obtained the nicknames, birth dates, countries, and email addresses of affected users. The company continues to investigate the source of the NNIDs that the hackers used to access the accounts, and noted that the fraudulent login IDs were illegally obtained from some external sources other than Nintendo.

It is now no longer possible for Nintendo users to log in to their accounts using the NNID. They have been disabled following the breach. NNIDs were formerly used to access Nintendo accounts before the company changed its Switch console to the latest Nintendo system, however, users could still use them to access their 3D and Wii U devices. But this is no longer the case since NNID and the newer Nintendo Account are not linked anymore.

The hackers used the breached accounts to purchase digital items such as Fortnite VBucks from My Nintendo Store or Nintendo eShop. The company has asked users to evaluate their accounts and report back if there had been any suspicious purchase history they did not authorize so that the purchases can be canceled and reversed.

While the hackers could not have accessed users’ PayPal and credit card details stored on Nintendo accounts, they could have used users’ account balances reflected in their accounts to make fraudulent purchases. Nintendo UK, however, made it clear that there is “currently no evidence pointing towards a breach of Nintendo’s databases, servers or services.”