Over the past several weeks, hundreds of gamers have been reporting suspicious activities on their Nintendo accounts, and now Nintendo confirms that over 160,000 accounts have been hacked.
According to reports on Reddit and Twitter, unauthorized actors were logging in into the accounts of the victims and abusing the payment cards connected to the platform to buy digital goods on Nintendo stores, such as V-Bucks, the currency used in Fortnite, the game.
A statement that was released on Friday said that the attackers have been abusing Nintendo Network ID (NNID) legacy systems as from the beginning of this month to hack into the accounts of the victims.
NNID is different from a Nintendo account used for the Nintendo Switch, which was released in 2017. It was used for the Wii U console and 3DS handheld, both of which are discontinued.
An NNID was accessed by attackers and linked to a Nintendo account and then used as a login option. From there, the attackers could access the method of payment used by users, whether it is payment cards or PayPal, and make in-game purchases.
Nintendo did not provide the details on how attackers accessed the NNID accounts, though. All they said is that they were obtained illegally, and it has now disabled the ability to login to a Nintendo account through NNID.
“In response to recent incidents related to some Nintendo accounts, it is no longer possible to sign into a Nintendo Account using Nintendo Network ID. We apologize for any inconvenience caused.” Nintendo UK tweeted.
In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/GMrXr5OHW0
— Nintendo UK (@NintendoUK) April 24, 2020
Nintendo further warned that the attackers might also have accessed other information, such as date of birth, email addresses, usernames, and other information associated with NNID accounts.
Nintendo will reset the affected accounts, and it has advised the affected users to set up a two-factor verification to enhance the security of their accounts.
Nintendo has a massive number of users of over 20 million, but this has also made it a target for cybercriminals. The discovery of leaked source code for Team Fortress 2 and Counter-Strike: Global Offensive- this week has led to many security concerns, and some people were even calling gamers to uninstall the software from their PCs.
Threatpost contacted Nintendo for a comment about these hacks, and this is what they said, “We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events don’t occur.”