Reset your password and set up two-factor authentication. "Currently no evidence pointing towards a breach of Nintendo's databases, servers or services."

Reading Time: 2 minutes

Nintendo Confirms Up To 160,000 Accounts Accessed In Huge Privacy Breach

Nintendo has disabled the ability to log into a Nintendo Account using a Nintendo Network ID (NNID) after approximately 160,000 accounts were compromised by unauthorized parties. Nintendo’s statement, originally published in Japanese, says that ID and password information for NNIDs was “obtained illegally by some means other than our service” from the beginning of April. In the statement, Nintendo says that, at present, there was no evidence to suggest Nintendo’s own databases, servers or services have been accessed. This again suggests the log-in data used to access accounts was obtained elsewhere a tactic known as credential stuffing.

Nintendo suggests that you change your password for both the NNID, but also any other service where you use a similar password (as many of us do). Also, it’s possible people could have purchased items within Nintendo’s online stores with your saved payment information like Fortnite V-bucks or the like. If so, you can contact Nintendo and they’re supposed to immediately cancel that transaction and get you a refund.

Nintendo’s statement follows in full:

Important Notice

We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.

While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.

As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.

In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.

If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.

During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.

We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.

Nintendo said on its Japanese site:

“We sincerely apologize for any inconvenience caused and concern to our customers and related parties,” “In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.”

Affected users will also be notified via email, and the company is warning that if you’ve used the same password for an NNID and Nintendo account then “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

News of the breach has so far only filtered through from that Japanese support page. Nintendo has yet to make an official English-language statement, though Nintendo UK has now tweeted to acknowledge NNID is no longer available as a sign-in method.