Though Nintendo shut down legacy Nintendo Network IDs (NNIDs) back in April after discovering that hackers gained access to the credentials of 160,000 accounts, the Japanese gaming giant has confirmed that the number of accounts affected could now total 300,000.
Nintendo revealed the findings of its investigation in a Japanese statement today. The company says that “approximately 140,000 additional NNIDs” were accessed maliciously, once again emphasizing that the breach is not directly related to Nintendo’s security and instead relates to customers using the same password for multiple accounts. These passwords were then sold on the dark web.
This is very similar to the breach McDonald’s mobile ordering app continues to suffer from. I was a victim of this hack and over $2,000 worth of McDonald’s food was purchased with my account.
According to Nintendo, hackers used NNIDs to access newer Nintendo Accounts and the PayPal accounts associated with them. Credit card information was not compromised but PayPal accounts could be used to make fraudulent purchases in the Nintendo eShop. Other information like nicknames, email addresses and dates of birth also leaked.
Unlike McDonalds, Nintendo took direct responsibility for the breach and shut down NNIDs entirely and refunded fraudulent purchases. The company also encouraged users to sign up for more secure two-factor authentication.
If your Nintendo Account is affected by the hack, you’ll receive a password reset notification from Nintendo as well as an email stating that your account has been compromised.
To check your purchase history, navigate to my.nintendo.com. Next, click on your account name in the top right corner of the screen and then select ‘Account Settings.’ Now, select ‘Shop Menu’ and then ‘Transaction History’ on the next screen.