It’s been less than two months since Nintendo announced that 160,000 user accounts had been maliciously accessed, but that number has now doubled to over 300,000.
The gaming giant now confirms that the amount of users impacted by the attacks first announced in April was higher than previously thought, and that a further 140,000 accounts were involved.
- Keep your private data private with the best VPN
- Save some money with the best Nintendo Switch deals
- Just In: Stunning PS5 design revealed in new video
A translated version of Nintendo's statement in Japanese, updated yesterday (June 9), read: “We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs [Nintendo Network IDs] that may have been accessed maliciously. It turned out that it was.”
The personal user information potentially accessed includes names, dates of birth, email accounts, locations and genders. Credit cards do not seem to have been affected.
To be clear, there does not appear to have been a data breach at Nintendo. Nor is it likely that these accounts were "hacked" into through any kind of software flaw. Rather, Nintendo's statement implies that the attackers got into the accounts the old-fashioned way: by using the correct usernames and passwords.
How Nintendo users can stay safe
Since discovering more breached accounts, Nintendo said it has reset user passwords, contacted affected customers individually and is taking additional security measures.
Nintendo said: “Less than 1% of all NNIDs around the world that may have been illegally logged in may have actually been fraudulently traded through their Nintendo account. We are still in the process of refunding in each country, but we have already finished refunding for most customers.”
If you use the same credentials (username and/or email address, plus password) on more than one account, then if any of those accounts gets compromised, the bad guys can access all your other accounts using the same credentials.
Another way to prevent unauthorized account access is to enable two-factor authentication (2FA), which Nintendo recommends all its user do for their accounts. Here how to enable 2FA on Nintendo accounts.