Things have been going from bad to worse for Nintendo as 2020 progresses. We reported in May about hardware specs for some of its popular past consoles getting leaked online. Well, that was not the only thing that got leaked. It had also been discovered in April that 160,000 Nintendo Accounts with sensitive data may have been compromised. Yesterday, that number nearly doubled, with another 140,000 added to the list. The following was originally posted on Nintendo’s Japanese support page.
Thank you for your continued patronage for our products.
This time, there is a phenomenon that it seems that you made a spoofed login to “Nintendo Network ID (*1, hereinafter NNID)” from around the beginning of April using login ID and password information obtained illegally by some means other than our service. We have confirmed that it is occurring. We also confirmed that there was an illegal login to some “Nintendo accounts” via NNID using this impersonation login.
Update added on June 9th
We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs that may have been accessed maliciously. It turned out that it was. We have also reset the passwords for these 140,000 NNIDs and the Nintendo accounts that were linked with them, and contacted the customer separately. At the same time, we are taking additional security measures.
The company goes on to explain that these roughly 300K accounts represent less than one percent of all Nintendo accounts around the world. Those who didn’t have two-step verification potentially had the most information leaked. Their name, date of birth, gender, country/region, and email address could have been obtained. There is, however, a disclaimer stating that no credit card information was involved. It’s been a rocky road for Nintendo since the launch of its Switch Lite console. Here’s hoping things get better for them.