This week, Nintendo users started complaining on social media about unauthorized logins to their accounts. There was mounting evidence that a lot of Nintendo accounts were being accessed around the world. After a short silence, Nintendo confirmed (Japanese) that their system had been accessed and as many as 160,000 Nintendo Network ID accounts had been accessed. The company announced that emails, nicknames, date of birth, and region data had been accessed, but that no credit card information had been accessed.
Data breaches are an everyday part of life. We seem to hear about a new data breach every day. However, the one thing that tends to bind them all together is something to be gained from it. Sometimes it is data, sometimes it is money. In the case of Nintendo's breach, it was about buying things from the Nintendo eShop. While many users complained about logins, some users had evidence that these logins were making purchases through these logins. As it turns out, the benefit for the hackers came in the form of gift cards. Once an account was breached, the hackers would purchase Fortnite in-game currency cards and other digital goods.
Nintendo has currently disabled the ability to login using a Nintendo Network ID and has initiated a password reset process on ever affected account. They have also reached out to all affected users via email and have recommended turning on two-factor authentication for their accounts. The company said,
We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.
Whether you are affected or not, this is a good step to take to protect your account. In fact, for platforms that offer this feature, it is usually a good idea to use it because it can help mitigate these account hijackings. It's not 100% foolproof, but it's a good additional step of protection.