If you’re a Nintendo Switch, 3DS user, or generally use a Nintendo account for any other purpose, then this si concerning. A Nintendo privacy breach has impacted at least 160,000 of us worldwide, although Nintendo has now confirmed more details on what that actually means.
The Nintendo privacy breach; what’s the latest?
Earlier today, Nintendo issued a statement surrounding the recent Nintendo privacy breach which suggests that none of the servers, databases or services from Nintendo have been accessed. With this information, it is likely that the login credentials for these users were obtained using a tactic called credential stuffing, meaning the details were taken from a source external to Nintendo.
Nintendo has taken the decision to keep the details of how the attack took place, which seems pretty sensible given the circumstances. If you’re attempting to use your Nintendo Network ID this will be disabled on a temporary basis, with two-factor authentication encouraged to be implemented with immediate effect for every user.
In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/GMrXr5OHW0
— Nintendo UK (@NintendoUK) April 24, 2020
The statement from Nintendo reads:
We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.
While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.
As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.
In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.
If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.
During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.
We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.”