Japanese gaming company Nintendo confirmed that hackers have attained unauthorized access to around 160,000 user accounts since the start of the month.
Nintendo users complained on social media about hackers accessing their Nintendo accounts and misusing attached payment card details to buy Fortnite currency and other Nintendo games.
There was speculation of credential stuffing attack which was ruled out by users stating that they have used strong unique passwords for their Nintendo profiles and that it would be impossible for an attacker to guess.
However, now Nintendo has confirmed that a credential stuffing attack is not the source of the recent attack. Instead, the hackers have abused its NNID integration.
NNID which stands for Nintendo Network ID is a legacy login system, used to manage accounts on the old Wii U or Nintendo 3DS platforms.
On newer Nintendo devices, users can link their old NNID accounts to a Nintendo profile. The company said that the hackers abused this integration to get access to the main Nintendo profiles.
Nintendo disapproves of the ability to log into main Nintendo accounts using the older NNID profiles.
They are also contacting the affected users to urge them to reset the password for both the main and NNID accounts. The company also recommends the users to set different passwords for each account. Also, the users who use the same password for Nintendo and NNID accounts are advised to use different passwords, even if they haven’t been hacked yet.
The company also warns all the customers that hackers might have gained access to other account information, such as Nintendo nicknames, dates of birth, countries of origin, regions, and email addresses.
Nintendo apologized for the issue and assured that they will make all efforts to strengthen security and ensure safety so that such events will not occur in future.