Nintendo's account leak was much worse than originally reported
Total accounts compromised in the hack.
Well, looks like it’s time to change your Nintendo login again. The company has confirmed that another 140,000 login credentials have leaked, just over a month after 160,000 other credentials were confirmed to have been compromised.
As with the previous breach, hackers could have viewed only bare user details in compromised accounts. That includes nicknames, dates of birth, country of residence, and email address. Your credit card information should be fine, the company says, because that information can't be viewed from your account.
In a statement on its Japanese site, Nintendo said the passwords for these 140,000 accounts have already been reset, as have their Nintendo Network IDs (NNID). The company also says it’s taking additional security measures to combat the ongoing hacks, though it didn’t include specifics as to its methodology.
The owners of those accounts have been contacted individually about the issue, so you should know by now if your account is one of those compromised. But we still don’t know exactly how this breach happened, and the number affected keeps growing. You should probably change your password and enable two-factor authentication whether or not you think your account has been compromised.
Nintendo’s botched response — Nintendo’s response to this hack has been less than satisfactory for many users.
Reports of hacked accounts have been circulating since mid-March, according to Gizmodo, but Nintendo didn’t officially address the issue until the end of April. We’re pretty sure Nintendo has been investigating these reports all along — hence those cryptic tweets about enabling two-factor authentication.
Now we’re hearing that the hack affected almost twice as many users as Nintendo first reported. That discrepancy in reporting isn’t at all addressed in Nintendo’s most recent statement. The company doesn’t seem interested in explaining its security issues to its fan base.
Refunds are in-progress — If there’s any good news here, it’s that Nintendo is indeed taking the time to refund any fraudulent orders that may have been placed because of the hack. The company is still in the process of issuing these refunds, the company said in a statement.
Nintendo doesn’t deal with large-scale hacks very often, so it's not really surprising the company is struggling to handle this one. And with unauthorized purchases being the worst of the hack's fallout, there's probably nothing to worry about, even for those affected. Nonetheless: turn on that 2FA for some peace of mind and get back to Animal Crossing.