Skip to Main Content

Nintendo confirms 300,000 accounts breached since April, nearly twice as many as first reported.

The company recommends users change their passwords and enables two-factor authentication.

Nintendo Switch Article.jpg

Nintendo has confirmed that hackers breached 300,000 accounts since April.

Hackers had access to personal information including users' birthdays and email addresses, but did not have access to credit card information.

Nintendo reported unauthorised logins on 24 April, where it was thought that approximately 160,000 accounts had been accessed by malicious actors, the company wrote in a Japanese language blog post.

The company now understands that the breach was nearly twice as large, with passwords “obtained illegally by some means other than our service”.

It is resetting user passwords for affected account as well as disabling the option to log into a Nintendo account through a Nintendo Network ID (NNID).

Older accounts could be used to log into 3DS and Wii U consoles, while the Switch uses a new system which can be linked to older accounts.

However, that linking process has been ended in order to stop further purchases being made.

Individuals with unauthorised access to Nintendo accounts could have made purchases through the Nintendo eShop either using virtual coins or via a linked PayPal account.

Nintendo recommends that all users enable two-factor authentication. This is when users are required use another device, such as their mobile phone, in order to log into accounts.

It also suggests not using a password that you have previously used, or one that is used to log into other accounts.