Nintendo today confirmed the rumors we’d been fearing in recent days: multiple online Switch accounts had been hacked. The company says ‘about 160,000’ accounts may have have been subject to the breach. This allowed the thieves to make unauthorized purchases, explaining the reports of hackers stealing accounts to buy currency in Fortnite.
Nintendo says on its Japanese support page that login information was “obtained illegally by some means other than our service.” The company believe the hackers were able to do this by impersonating Nintendo Network IDs, the old login information used on the Wii U and 3DS. The hackers were then able to access users’ Nintendo accounts — used on the Switch and Nintendo’s mobile games — via their associated NNIDs.
Hackers were able to view the nickname, date of birth, gender, country, and email address of those affected. Although they did not have access to payment information, they were able to make payments via the compromised accounts. The breach appears to have begun in early April.
In response, the company has disabled the ability to log in to Nintendo accounts via NNIDs, and it has reset passwords for accounts that may have been compromised.
In response to recent incidents related to some Nintendo Accounts, it is no longer possible to sign into a Nintendo Account using a Nintendo Network ID. We apologise for any inconvenience caused. Please visit our Support website for more information: https://t.co/NWyXLiS1wR
— Nintendo of Europe (@NintendoEurope) April 24, 2020
The company says it will notify you via email if you’ve been affected; you will be required to reset your password next time you log in. Nintendo also cautions that from here on out, you should set different passwords for your NNID and Nintendo accounts, and says you should reach out if you see a suspicious purchase.
We recommend you enable two-factor authentication on your Switch to significantly reduce the chances of your account being compromised in the future.