Nintendo Account Breach April 2020

[bmoc]

Several people have recently had their Nintendo accounts compromised. I encourage everyone to enable two step authentication on your Nintendo account. Log into https://accounts.nintendo.com/ and click on "Sign-in and security settings". Nintendo will recommend the Google Authenticator app but Microsoft Authenticator works as well if you are already using that.

https://www.polygon.com/2020/4/21/21229 ... april-2020

[YoshiEgg25]

Yep, I had this happen to me a few days ago. I got an email from Nintendo that my account had been signed into from Germany and Belarus. Luckily I didn't have any card info stolen since I never keep that saved.

[Reprise]

Purely speculative, but a lot of people who had this happen to them say they had their Nintendo Network ID linked. If you do, it's possible to sign in with just the Network ID login details. So people are speculating a breach or vulnerability has occured with the old 3DS and Wii U Network ID system.

I really hope Nintendo are quick with their investigation and will communicate exactly what level of breach has occurred (as they are legally obligated to).

I didn't have any issues (yet...), but I do have my Nintendo Network ID linked to my account. I set up 2 step verification anyways and removed my card details.

[Reprise]

So there we go. Nintendo confirms it is to do with the Nintendo Network ID. What isn't clear is if accounts were hacked and compromised or if they were accessed by people using login information from previous breaches.

That's what I hate about all these breaches, it's never clear if it's a hack and raw, unencrypted passwords were actually obtained and used or if it's just people using old leaked info, since Nintendo Network IDs have been around for like a decade so people might have set them up years ago with an old compromised password and forgotten all about it.

Come to think of it though, don't you get a unique code to login with a Nintendo Network ID? Hmm I don't like this.

https://www.nintendolife.com/news/2020/ ... ly_at_risk

[marurun]

Ars Technica posited it was likely credential stuffing against those older accounts.

[prfsnl_gmr]

I logged out of my account from all devices, unlinked my credit card, changed my password, and set up two-factor authentication. Hopefully, that should do it...

[Reprise]

Ars Technica posited it was likely credential stuffing against those older accounts.

If it's credential stuffing then it's not technically a hack, is it? It's just confusing when articles all open with the word "hack".

[marurun]

Ars Technica posited it was likely credential stuffing against those older accounts.

If it's credential stuffing then it's not technically a hack, is it? It's just confusing when articles all open with the word "hack".

Hack has become, correctly or not, shorthand for unauthorized access or abuse.

[Reprise]

Ars Technica posited it was likely credential stuffing against those older accounts.

If it's credential stuffing then it's not technically a hack, is it? It's just confusing when articles all open with the word "hack".

Hack has become, correctly or not, shorthand for unauthorized access or abuse.

Yeah, that's true I guess. I just wish companies (although having read more I can see Nintendo have said there is no evidence any of their servers or databases have been hacked) and journalists were clearer on what has happened and whether personal information has been accessed.

[marurun]

If it's credential stuffing then it's not technically a hack, is it? It's just confusing when articles all open with the word "hack".

Hack has become, correctly or not, shorthand for unauthorized access or abuse.

Yeah, that's true I guess. I just wish companies (although having read more I can see Nintendo have said there is no evidence any of their servers or databases have been hacked) and journalists were clearer on what has happened and whether personal information has been accessed.

Try this article, then. Ars Technica is much better about being clear in their reporting than other outlets. In fact, my only complaint about Ars is that they are owned by Advance Publications (who just recently decimated the Cleveland Plain Dealer newsroom in order to brutally kill the union).

https://arstechnica.com/gaming/2020/04/ ... e-of-ours/