We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Nintendo Confirms 160,000 Nintendo Accounts Were Compromised

Mario dressed in armor with a dragon behind him.

Just days after we wrote that it appeared hackers were attempting to compromise Nintendo accounts, the gaming company confirmed the attack. In a statement posted to its Japanese site, Nintendo says about 160,000 accounts have accessed by bad actors. Hackers didn’t breach Nintendo directly. Instead, they went after password reuse.

According to the statement, (which we are viewing through the lens of Google Translate), the main problem stems from Nintendo Accounts linked with Nintendo IDs and secured by reused passwords.

Malicious actors often scrape username and password combinations from other company breaches then try them out anywhere they can to see where else the password works. It’s a practice called credential stuffing and doesn’t show any signs of slowing down. If you use the same password for Nintendo that you do for Adobe and Kickstarter, you need to stop.

In this case, linking your Nintendo Account (used for Switch) to your Nintendo ID (used for Wii U and 3DS) means you can use the Nintendo ID login to access the Nintendo Account. So even if you were diligent about changing your current Nintendo Account password, an old reused Nintendo ID could be the weak point.

Nintendo went on to say that with access, hackers would see your name, date of birth, country/region, and email address. Additionally, hackers could use any balance you had through a registered credit card or PayPal to make purchases for themselves.

The company is notifying affected customers and resetting passwords for those users as well. It’s also disabling the ability to link a Nintendo Account to a Nintendo ID. The company suggests you change your passwords and turn on two-factor authentication. That’s good advice, and we’d go a step further and recommend you use a password manager to give every service you have an account with a different password.

Source: Nintendo via The Verge

Josh Hendrickson Josh Hendrickson
Josh Hendrickson is the Editor in Chief of Review Geek and is responsible for the site's content direction. He has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smart home enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code. Read Full Bio »