As a part of an ongoing investigation from a reported 160,000 unauthorized Nintendo Network ID (NNID) breaches back in April, Nintendo has raised that number up to a total of 300,000 accounts as of yesterday, April 9, 2020.
A Nintendo Network ID or NNID for short is an account created specifically for use on Wii U and or Nintendo 3DS family systems and allows the user to access online features like multiplayer and gives them purchasing and downloading capabilities on those systems via their eShop. When the Nintendo Switch launched and the 3DS and Wii U were no longer the most popular Nintendo systems, most people stopped using the NNID to access their account. That being said, most people left those accounts to lay dormant with their information on them!
We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs that may have been accessed maliciously. It turned out that it was. We have also reset the passwords for these 140,000 NNIDs and the Nintendo accounts that were linked with them, and contacted the customer separately. At the same time, we are taking additional security measures.
Less than 1% of all NNIDs around the world that may have been illegally logged in may have actually been fraudulently traded through their Nintendo account. We are still in the process of refunding in each country, but we have already finished refunding for most customers.
The hackers may have gotten access to nicknames, genders and dates of birth as well as the customer’s region and even their email address. That’s pretty scary, isn’t it? Luckily, it looks like no credit card information was included in what was accessed. So how do you protect against something like this from happening in the future? Well, you don’t, really. Because technology was created by humans, there will always be other humans trying to reverse engineer it, but there is a way to protect your personal information!
Nintendo recommends that you enable two step verification on your account. This provides an added layer of protection for your private data as anyone who wishes to access said data would then be required to provide a second proof of account ownership, which of course, they wouldn’t have. This oftentimes takes the form of a code sent via text message or email as it’s much less likely that the person
Even though NNID login has officially been disallowed as a means to log in to accounts going forward, I would still recommend changing your password.