nintendo game

Hackers Target Nintendo, Affecting Accounts of 160,000 Users

After customers reported fraudulent purchases, Nintendo announced that a credential stuffing campaign led to breaches of thousands of accounts.

The accounts of about 160,000 Nintendo users have been affected by hacking attempts, causing the gaming company to disable the ability to log into an account with a Nintendo Network ID.

Nicknames, dates of birth, countries and email addresses were accessed through a breach since the beginning of April, according to The Verge. Some customers reported fraudulent purchases using their account information, which Nintendo says was “obtained illegally by some means other than our service.”

The older Nintendo Networks IDs (NNIDs) were used for 3DC and Wii U devices, whereas newer Nintendo products use a modernized account system. Until Friday, those new accounts could be linked to NNIDs, which increased the landscape for attacks, according to The Verge.

All affected users are being notified via email, and the company is encouraging all users to implement two-factor authentication so that there is less of a chance that a hacker is able to log in to their account using just an email address.

Users are also being warned that if they have used the same password for their NNID and Nintendo account, their ”balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.” Nintendo gamers who suspect that their account has been used to make fraudulent purchases should report them to the company so they can be investigated and canceled.

The incident demonstrates how the $100 billion video game industry is a “growing target for cybercriminals,” said Anurag Kahol, the chief technology officer of data protection company Bitglass.

“Personally identifiable information (PII) and financial information are often connected to users’ gaming accounts, which is valuable data that attackers can use to commit financial fraud, identity theft, and trade on dark web marketplaces,” Kahol said. “Popularly, attackers will compromise and steal valid, high ranking gaming accounts and sell them for a generous profit.”

Although it’s not clear how hackers were able to obtain Nintendo account information for the credential stuffing attacks, “this incident still underscores why organizations must have full visibility and control over their data to prevent unauthorized access to sensitive customer information,” Kahol added.

The gaming industry is a huge target of credential stuffing campaigns, said Chris DeRamus, the chief technology officer of DivvyCloud.

“Organizations should also implement [multi-factor authentication] for all users, securely manage service accounts and their corresponding keys, enforce least privileged access, and enforce best practices for the use of audit logs and cloud logging roles,” DeRamus said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

    The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now

  • Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.