Nintendo says up to 300,000 customer accounts were compromised in April, more than double those originally announced by the company. The statement, released Tuesday in Japanese, said the massive breach was likely the result of customers using the same password in multiple places online. The announcement increases the number of accounts made by 160,000.
This batch of Nintendo customer accounts was a mature target for criminals. At least one Polygon staff member was affected and only noticed the violation after dozens of PayPal transactions for Fortnite currency began to be posted to their personal credit cards. Account nicknames, dates of birth, country / region, email address and gender were all disclosed in the violation.
A few days after customers started reporting problems, Nintendo made the drastic decision to disable the ability to sign in to a Nintendo Account using a Nintendo Network ID (NNID). The system has since been brought back online. In Tuesday’s statement, Nintendo said it is contacting the 140,000 additional affected users via email.
Anyone with a Nintendo Account – or any other online account, for that matter – is encouraged to use a strong password and change it regularly. Nintendo also offers two-factor authentication. Configuration instructions are available on the support page.
Vox Media has affiliate partnerships. These do not influence editorial content, although Vox Media may earn commissions for products purchased through affiliate links. For more information, see our ethics policy.
The Nintendo post reports that 300,000 customer accounts were illegally accessed in April. He appeared for the first time on Polygon.