Nintendo recently confirmed that 140,000 accounts (Nintendo Network IDs) were compromised in addition to 160,000 in April. There may be more users affected by these accounts were the ones found and reported to have been accessed without user permission.
“Less than 1% of all NNIDs around the world that may have been illegally logged in may have actually been fraudulently traded through their Nintendo account, ” said Nintendo. “We are still in the process of refunding in each country, but we have already finished refunding for most customers.”
“We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will strive to further strengthen security and ensure safety so that similar events do not occur.”
Nintendo Japan has been investigating the unauthorized accesses, and the company found that more than 300,000 accounts have been accessed with malicious purpose. The company has since reset around 140,000 accounts, and have refunded the customers that have yet to have their accounts reset.
According to Nintendo, the hackers were able to obtain information such as user’s name, date of birth, gender, country/region, and email address. The company reported in April that there was no evidence to suggest that their databases had been breached. Nor was there evidence to suggest their servers were accessed without authorization.
Nintendo is also contacting users that it suspects to have been breached without permission. “As a further precaution,” the company said, “we will soon contact users about resetting passwords for Nintendo Network IDs and Accounts that we have reason to believe were accessed without authorization.”
Going forward, Nintendo suggests that all users with accounts reset their passwords as a precaution against hacking. The company will continue investigations for the source of the access and ways to prevent it.