nintendo game

Hackers Target Nintendo, Affecting Accounts of 160,000 Users

After customers reported fraudulent purchases, Nintendo announced that a credential stuffing campaign led to breaches of thousands of accounts.

The accounts of about 160,000 Nintendo users have been affected by hacking attempts, causing the gaming company to disable the ability to log into an account with a Nintendo Network ID.

Nicknames, dates of birth, countries and email addresses were accessed through a breach since the beginning of April, according to The Verge. Some customers reported fraudulent purchases using their account information, which Nintendo says was “obtained illegally by some means other than our service.”

The older Nintendo Networks IDs (NNIDs) were used for 3DC and Wii U devices, whereas newer Nintendo products use a modernized account system. Until Friday, those new accounts could be linked to NNIDs, which increased the landscape for attacks, according to The Verge.

All affected users are being notified via email, and the company is encouraging all users to implement two-factor authentication so that there is less of a chance that a hacker is able to log in to their account using just an email address.

Users are also being warned that if they have used the same password for their NNID and Nintendo account, their ”balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.” Nintendo gamers who suspect that their account has been used to make fraudulent purchases should report them to the company so they can be investigated and canceled.

The incident demonstrates how the $100 billion video game industry is a “growing target for cybercriminals,” said Anurag Kahol, the chief technology officer of data protection company Bitglass.

“Personally identifiable information (PII) and financial information are often connected to users’ gaming accounts, which is valuable data that attackers can use to commit financial fraud, identity theft, and trade on dark web marketplaces,” Kahol said. “Popularly, attackers will compromise and steal valid, high ranking gaming accounts and sell them for a generous profit.”

Although it’s not clear how hackers were able to obtain Nintendo account information for the credential stuffing attacks, “this incident still underscores why organizations must have full visibility and control over their data to prevent unauthorized access to sensitive customer information,” Kahol added.

The gaming industry is a huge target of credential stuffing campaigns, said Chris DeRamus, the chief technology officer of DivvyCloud.

“Organizations should also implement [multi-factor authentication] for all users, securely manage service accounts and their corresponding keys, enforce least privileged access, and enforce best practices for the use of audit logs and cloud logging roles,” DeRamus said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

  • Next-Gen AI for Smart Cities

    The future of smart city technology is not being shaped in Silicon Valley — it is taking root in Dubuque, Iowa. With a population of about 60,000, this mid-sized city has become a live testbed for AI-driven traffic management thanks to a unique public-private collaboration led by Milestone Systems. Project Hafnia demonstrates how cities can transform urban mobility and safety through Responsible Technology—without costly infrastructure overhauls. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.