Almost 24,000 user accounts on Nintendo's main fan site have been hijacked in a sustained mass-login attack that began early last month, the company said.

The wave of attacks on Club Nintendo exposed personal information associated with 23,926 compromised accounts, including users' real names, addresses, phone numbers and e-mail addresses, according to a press release Nintendo issued over the weekend. The campaign began on June 9 and attempted more than 15.5 million logins over the following month. Attackers likely relied on a list of login credentials taken from a site unrelated to Nintendo.

Club Nintendo offers rewards to Nintendo customers in exchange for having them register their products, answer surveys, and provide personal data. The site operates internationally and has about four million users in Japan, the primary region of most affected users. Things came to a head on July 2, when the wave of logins crested. By Friday, July 5, Nintendo had reset passwords on the site.

"There were scattered illicit attempts to log in since June 9, but we became aware of the issue after the mass attempts on July 2," company spokesman Yasuhiro Minagawa told IDG News.

Other game companies recently hit by security problems include Ubisoft, which last week warned that customer user names, e-mail addresses and cryptographically hashed passwords were illegally accessed from an account database that had been breached. More recently, the alpha launch of a new indie game called Cube World has been reportedly disrupted by denial-of-service attacks.