Hackers have managed to log into around 160,000 Nintendo accounts since early April, the video game giant said in a statement on April 24. For those whose account has been affected, personal data (e-mail address, date of birth, etc.) may have been recorded. No bank data was available, Nintendo said, but people who linked a payment method to their Nintendo account may have been victims of unauthorized purchases.
For the past ten days, testimonies relating to suspicious purchases have multiplied on social networks. As related ZDnet, the majority of these purchases were for V-Bucks, the currency used in the successful game Fortnite. Suspicious ads reselling V-Bucks at very low prices had also appeared online.
On April 21, Nintendo assured “Investigate the situation”, and, without confirming or denying the existence of a hack, recommended to all of its users to activate double authentication on their account – a simple and effective way to prevent the majority of hacks.
The statement released on Friday acknowledges that there is a security hole in the Nintendo network ID (NNID), a unique identifier that can be used to log into an account instead of the email address. The company did not say how the flaw around the NNID could have allowed people to log in without a password. She announced that she had reset passwords for all accounts that may have been affected. Those affected should receive an email in the coming days.