Nintendo suspends legacy Nintendo Network ID logins after 160,000 accounts were compromised

Nintendo has recently suffered an attack on 160,000 Nintendo accounts, which saw player accounts get taken over with unauthorised actions taking place as a result. Today, Nintendo announced that it was suspending all Nintendo Network ID logins – a legacy option from the Wii U and 3DS online infrastructure that could be linked to the Nintendo Switch system – but other log in options for Nintendo Accounts will remain available.

Nintendo will also be contacting all of the users whose accounts they believe were accessed in the breach with instructions on what to do when it comes to resetting passwords. Nintendo will not say exactly how the breach occurred,though say there’s no evidence that this is linked to a breach of their databases, servers or services. Reading between the lines, this suggests that NNID log ins have been attacked using passwords leaked from other website breaches. Since NNID log ins can be different to a Nintendo Account, this provided another avenue of attack for hackers in an easily forgotten area for end users.


The full statement is below:

We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.

While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.

As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.

In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.

If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.

During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.

We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.

Either way, set up two-factor authentication to avoid this issue in the future.

Source: Nintendo

Written by
From the heady days of the Mega Drive up until the modern day gaming has been my main hobby. I'll give almost any game a go.

1 Comment

  1. So there’s “no evidence” they got hacked, and they won’t tell people what happened, because either (a) somebody else’s problem, or (b) they probably did get hacked but don’t know how yet, or it’s too embarrassing.

    It if does turn out they did a Sony, it’ll be interesting to see the reaction. I suspect they’ll get off lightly, despite the massive difference of people actually losing money this time.

    And turn on 2FA. For everything that supports it. It might be a bit annoying, or be less than ideally implemented (there’s a tiny chance of doing it by text message being less secure than it should be), but just turn it on everywhere.

Comments are now closed for this post.