Over 160,000 Nintendo Network IDs have been compromised, and all users are encouraged to observe safety measures while Nintendo investigates.
The Japanse video game giants have confirmed the week-long circulating issue about the compromised Nintendo accounts.
Although the company defers from calling it a breach, as initial investigation points no evidence towards it, they did confirm that there’s been unauthorized access to Nintendo Network IDs and accounts.
Apparently, the company was already aware of the issue since early April.
While Nintendo further investigates the issue, they’ve temporarily disabled the Nintendo Network ID sign-in option. All other options, however, are still enabled.
Credential access didn’t come from Nintendo’s system
Following Nintendo’s statement that the company’s database, servers, or services have not been hacked, reports cite a possible “credential stuffing” instead.
This means that the login account credentials were obtained outside of Nintendo.
To further explain the term, OWASP Foundation describes credential stuffing as:
the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.
Online scams and hacks have been a trend lately while the rest of the world is in quarantine lockdown. Many might be doing this out of boredom due to isolation, or just simply taking advantage of the vulnerable situation.
Nintendo’s safety precautionary measures
While the Switch console maker further digs deep into this data privacy breach, security measures are advised to be followed by the users.
Nintendo will be contacting its users for a reset password procedure through email. It is highly recommended as well to refrain from using any previously used password and to come up with a new complex password combination.
— CNN Breaking News (@cnnbrk) April 25, 2020
On its Japanese website, Nintendo dove into the process of checking the users’ accounts (after password reset procedure) for any unauthorized purchases.
Should it be proven that there was indeed some illegal purchasing activity, affected users are advised to contact Nintendo for the next steps to take.
Also, Nintendo strongly encourages enabling the two-step verification, which can be located in the Sign-in and security settings.
Lastly, should any user be notified of unusual activity in the account, such as “Your Nintendo Account has been compromised or accessed by an unauthorized user,” the company suggests doing an Account Recovery process.
Image courtesy of Pixabay / Pexels