Following a growing number of reports of Nintendo users claiming their accounts had been hacked, Nintendo has confirmed that roughly 160,000 may have been accessed and exposed personally identifiable information about those users.
In a statement on its Japanese support site, Nintendo said Friday that it is now preventing users from logging in to their Nintendo accounts with Nintendo Network IDs after learning that credentials were “obtained illegally by some means other than our service.” (NNIDs were used for Nintendo 3DS and Wii U and are different from Nintendo accounts.) Previously, users had reported that their accounts had been used to purchase items from Nintendo shops, including in-game currency for Fortnite.
According to Nintendo, information that may have been exposed in the leak includes username, gender, date of birth, location, and email address. (Despite being used to make purchases, Nintendo said no credit card information stored on file would have been able to be viewed.) Nintendo said it first became aware of the issue in early April. Nintendo said it’s notifying affected users by email and has said it’s already started resetting NNIDs.
Users using the same password for their NNID and Nintendo accounts are being asked to change their passwords and enable two-factor authentication to prevent bad actors from accessing any payment information stored on file.
Nintendo did not immediately return a request for comment. However, in a translated version of its notice on its Japanese support site, the company said that it “will make further efforts to strengthen security and ensure safety so that similar events do not occur.”
It’s a good idea to use 2FA anywhere that it’s available—and yes, that means for your gaming credentials as well. To do so, head to your Nintendo user account page, click on Sign-in and security settings, and select 2-Step Verification settings at the bottom of the page. From there, Nintendo will send you a verification code and provide instructions for using Google Authenticator, as well as links for accessing the app if you don’t already have it.
And for the love of god, use a password manager and a strong, unique password for each of your individual accounts. Cutting corners is only ever going to cause more problems in the long run.