The Japanese video game giant Nintendo has admitted that threat actors have breached 300,000 accounts since early April. The hackers have gained access to personal information, including birthday and email address, but financial data were not impacted.
In April, the gaming company disconnected the NNID legacy login system from main Nintendo profiles after it has discovered a massive account hijacking campaign.
The gaming giant announced that hackers gained accessed at least 160,000 user accounts as part of an account hijacking campaign since early April.
The company launched an investigation after it has received several complaints from its users.
Since April, the company discovered additional 140,000 accounts that have been compromisedì.
“A total of 300,000 Nintendo accounts have been breached since the beginning of April, the company revealed Tuesday, as hackers used others’ Nintendo Network IDs without permission.” reads a post published by the CNN. “Previously, the company said 160,000 accounts were hacked, but on June 9 it updated those numbers to a whopping 300,000.”
The Japanese firm announced additional security measures to prevent similar security breach in the future.
“We sincerely apologize to our customers and related parties for any inconvenience and concern. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur,” reads a statement published by Nintendo, announcing that it committed to “enhance security… to prevent this happening again.”
The company discovered that the accounts belonging to many users were abused to purchase features and virtual coins in popular games, including Fortnite V-Bucks, using the funds in the connected PayPal account.
In April, the company confirmed that hackers did no carry a credential stuffing attack, instead, they abused the NNID integration.
The Nintendo Network ID (NNID) is a legacy login system, it allows users to manage Nintendo accounts on Wii U or Nintendo 3DS.
The company did not disclose the details of the account hijacking attacks, to mitigate the incident the company disconnected the NNID legacy login system from main Nintendo profiles.
The company is notifying the affected users via email, the gaming giant recommends customers to check their purchase history for any unauthorized transactions and change their passwords.
(SecurityAffairs – gaming, cybersecurity)