A total of 300,000 Nintendo accounts have been broken into since the beginning of April, the company confirmed this week.
The breach was first discovered back in April, and at the time, Nintendo said 160,000 accounts may have been “accessed maliciously”. On Tuesday, the company revealed another 140,000 accounts were impacted.
The breach is linked to the Nintendo Network ID (NNID) login systems, which are used for the Nintendo 3DS and Wii U. Nintendo has a new system called Nintendo Account (used for the Nintendo Switch), but players were still able to link their NNID with their Nintendo Account.
Nintendo said accounts may have been accessed illegally if players had the same password on both their NNID and Nintendo account. Information such as a user’s name, date of birth, country, or email address could have been made visible to a third party. The company also warned virtual funds or linked PayPal accounts may have been illegally used at the My Nintendo Store or Nintendo eShop.
As a result, the company has binned the ability to log into Nintendo Accounts via NNIDs. People whose accounts were breached will be notified by email and their passwords will be changed. Nintendo 14/10 recommends you set up a two-step verification for your account if you haven’t already as well. The company will also cancel any purchases made in connection to dodgy activity on your account, if proven. At the time of writing, Nintendo confirmed most NNID users have already been reimbursed.
“We sincerely apologise for any inconvenience caused and concern to our customers and related parties,” Nintendo said in a statement on the Japanese support page. “In the future, we will strive to further strengthen security and ensure safety so that similar events do not occur.”
To put this into perspective, Nintendo said 300,000 users are less than one per cent of all NNID users, so chances are you’re in the clear.