Nintendo is disabling the ability to log into a Nintendo Account through a Nintendo Network ID (NNID), after 160,000 accounts have been affected by hacking attempts. Nintendo says login IDs and passwords “obtained illegally by some means other than our service,” have been used since the beginning of April to gain access to the accounts.

Nicknames, date of birth, country, and email addresses may have been accessed during the breach, and some accounts have experience fraudulent purchases. Nintendo is now recommending that all users enable two-factor authentication. That’s something you should be using for all of your online accounts.

Passwords are now being reset for affected accounts, and Nintendo is disabling the ability to log into a main Nintendo Account through a NNID. These older NNIDs were used for 3DS and Wii U devices. Nintendo’s latest Switch console uses a newer Nintendo Account system, which until today could be linked to these older accounts.

Affected users will also be notified via email, and the company is warning that if you’ve used the same password for an NNID and Nintendo account then “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

Reports earlier this week suggested some accounts had been breached and people had been using them to buy digital items like bundles of Fortnite VBucks. Nintendo is asking affected users to contact the company so it can investigate the purchase history and cancel purchases.