The Nintendo accounts of an unspecified number of users were compromised in the past few days in an attack from an unknown vector, at least for now.
In just a few days, Nintendo owners noticed that their accounts had been compromised, losing access. It’s still unclear why this is happening because the users don’t seem to have many things in common, with the exception of their Nintendo credentials.
The only hint of something strange going on was a mention on the official Twitter account of Nintendo Japan Support, which said people have been experiencing unauthorized logins and that some of these attackers were accessing users’ credit card data.
This would imply that Nintendo fell victim to a data breach, but the company remained silent on this possibility, except for a short statement to VGC:
“We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation” says Nintendo. “In the meantime, we recommend that users enable two-step verification for their Nintendo account.”
If you have a Nintendo account, change the password immediately, even if you have had no problems. If that password is the same one used on other online services, you need to change those ones as well.
Secondly, it’s also very important to activate two-factor authentication, which makes it much more difficult for anyone to access the account, even if your credentials have been exposed in a data breach.
Lastly, users should revise any linked payment methods saved into the account. Check the banking statements for fraudulent purchases.
The fact that it’s still unclear how the attackers got their hands on login data makes this security issue all the more dangerous. They might just use credentials from other data breaches, but it’s difficult to take the right measures when you don’t know what online vector needs to be secured.