If you’ve ever connected your Nintendo Account to a Nintendo Network ID service (from the Wii U days), you may want to lock your account down with two-factor authentication right away. According to several Twitter and Reddit threads, and one staffer at Ars Technica, Nintendo Accounts are getting hijacked.
Over at Ars Technica, the site’s Reviews Editor Ron Amadeo received a strange email. Someone logged into his Nintendo Account. He packed away all of his Nintendo devices, so it couldn’t have been him. It’s a tale that’s quickly spreading on Reddit and Twitter.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
Through the use of polling, Reddit users have found one common factor among everyone hijacked so far—linking a current Nintendo Account to the old Nintendo Network ID service. If you upgraded from previous Nintendo systems, like the Wii U, linking the two services was useful to bring forward your data.
Nintendo hasn’t commented on the situation yet, but it’s possible that hackers haven’t compromised the service. It’s common for hackers to try username and password combos stolen from other breached companies. If you reuse passwords, you’re putting yourself at risk.
If a hijacker accesses your account, they, in turn, have access to your payment options. If the hacker then switches your region to another country, they can make game purchases that then email out codes. With those codes, they can redeem the game on any Nintendo console.
The most secure way to prevent account hijacking is to enable two-factor authentication. Our sister site, How-To Geek, has all the details on how to set it up. But if you have payment credentials loaded to your account, the best thing to do is change your password (especially if you reused a password) and enable two-factor authentication. You can do that on the Nintendo Account Security page.
You may want to consider getting a password manager if you usually reuse passwords. And if you do save your payment credentials to Nintendo’s servers, it couldn’t hurt to remove them for now.
via Ars Technica