Image via @Warchamp7 on Twitter

Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion.

The account hijackings appear to have started mid-March and have reached a peak over the weekend when more and more users started receiving email alerts that unknown IP addresses have been seen accessing their Nintendo profiles.

The way accounts are getting hacked is currently unknown. It is unclear if hackers are using passwords leaked in data breaches at other sites to also gain access to Nintendo accounts.

Some users reported using complex passwords generated through a password manager, passwords that were unique to their accounts, and not used anywhere else. This suggests hackers might be using more than the classic credential stuffing, password spraying, or brute-force attacks.

Nintendo has yet to release a formal statement about the attacks; however, the company has advised users earlier month on Twitter and Reddit to enable two-step verification (2SV) for their accounts, suggesting that this might prevent intrusions.

Users report losing money

A large number of those who reported unauthorized access to their Nintendo accounts also reported losing money.

In some cases, the hackers bought other Nintendo games, but in many incidents, victims said the hackers bought Fortnite game currency through a card or PayPal account linked to the main Nintendo profile.

"I get home from work, and during the drive home, my Nintendo account was hacked, and they spent 300 dollars on Fortnite. "I need a hug," a Nintendo user wrote on Twitter on Friday, sharing a similar experience encountered by many others.

Someone hacked my PayPal and spent $200 on Nintendo games?! pic.twitter.com/pc5eRvHXSY — Vexonym (@Vexonym) April 19, 2020

My nintendo acc got hacked a few weeks ago but I caught it fast enough, and my bf's account just got hacked yesterday. This has been happening to a ton of people and most cases result in $100+ charges for fortnite currency.. Would highly suggest setting up 2factor ASAP — シリア☆ (@cillia) April 19, 2020

I get home from work and during the drive home my Nintendo account was hacked and they spent 300 dollars on fortnite... ;-; I need a hug — Coach Beefcake (@WerewolfCoach) April 17, 2020

Love too cry at 3am cuz someone hacked my Nintendo account and bought 150 fucking dollars of fortnite currency — Nutty 🌰☕ ⟿ 🇺🇸 (@nuttychooky) April 19, 2020

While there is no exact figure on the number of hijacked accounts, the issue appears to be happening at scale, primarily due to the number of user complaints on various social media sites.

High profile figures in the gaming world have also been hit. This includes the founder of the LootPots gaming news site and Nintendo accounts from ArsTechnica's game reviews editor.

"Even my Paypal support guy got hit with a hacked Nintendo account," another user wrote on Twitter. "I can't make this [expletive] up."

Even my Paypal support guy got hit with a hacked Nintendo account, I can't make this shit up pic.twitter.com/Ounarwy2aC — DakiniBrave (@DakiniLuna) April 15, 2020

With help from a source in the threat intelligence community, ZDNet has identified recent ads put up online this month, where hackers are selling Fortnite V-Bucks acquired from Nintendo Switch accounts.

Image: ZDNet

The ads appear to be tied to the recent hijacking campaign that's been targeting Nintendo accounts.

"Once Bought, I Will Login And Buy You The Specified Amount Of V-Bucks You Wanted/Needed," each of the ads' text reads.

Image: ZDNet

How to secure Nintendo accounts

Users who fear they may have been the victims of this mass-hijacking campaign, or who want to avoid having their accounts hacked, are advised to follow the steps below: