Nintendo rewards program site hacked, names, email addresses and phone numbers possibly compromised

Nintendo rewards program site hacked, names, email addresses and phone numbers possibly compromised

Nintendo admitted today that Club Nintendo, a loyalty program that gives players exclusive products in exchange for registering their consoles and games, has been hacked.

The company launched an investigation on July 2 after witnessing a “large” number of errors on the site. Nintendo can now confirm that 23,9326 unauthorized log-ins occurred between June 9 and July 4, as well as over 15 million attempts.

Spotted by Kotaku, the video game giant says users’ names, addresses, phone numbers and email addresses may have been affected as a result of the breach. Any unauthorized use of Club Nintendo points, the virtual currency used to buy rewards, has not been confirmed at this time.

None of the goods and services sold through Club Nintendo require payment, so there’s absolutely no chance of any credit or debit card information being leaked as part of the breach. Players can only redeem prizes based on the points they receive for each registered game or console, somewhat reducing the impact of the hack.

Screen Shot 2013-07-05 at 09.49.24

Nintendo has invalidated all Club Nintendo passwords and issued an email to members asking that they reset their password at the earliest opportunity. Nintendo is now looking to strengthen its security and monitoring procedures to ensure such an incident doesn’t happen again.

It’s also worth noting that while Nintendo released the statement from its Japanese site, it’s not yet clear if the hack is limited to the domestic version of Club Nintendo, or international variants as well.

Video game publisher Ubisoft confirmed earlier this week that one of its websites was also hacked, resulting in the compromise of usernames, email addresses and encrypted passwords.

The company didn’t reveal which site was affected, but confirmed that no personal payment information was taken, again because no financial data was stored on its servers. Ubisoft has since launched an investigation with “relevant authorities, internal and external security experts.”

Both of these incidents pale in comparison to the PlayStation Network hack in April 2011, which compromised a whole host of user information including names, birth dates and encrypted password. A database of credit card numbers was also stolen, although Sony reported that these were also protected by industry standard encryption.

Image Credit: Kevork Djansezian/Getty Images

Read next: Pitch Marathon in Berlin will see 42 startups face investors in a fast and furious competition