Nintendo has almost doubled the number of user accounts compromised by hackers in the past few months.
The Japanese gaming giant originally said that 160,000 Nintendo accounts were compromised, exposing personal information like the account owner’s name, email address, date-of-birth and their country of residence. In an updated statement, the company said another 140,000 Nintendo accounts had been compromised.
Nintendo said the number increased as a result of its continuing investigation.
The company said it reset those passwords and contacted customers. The statement reiterated that fewer than 1% of all accounts were impacted by the breach.
News of account compromises came as early as March when users complained that their accounts were charged for digital items without their permission. Nintendo said in a tweet in April that users should enable two-factor authentication on their accounts but without saying why.
It took another two weeks before Nintendo admitted that accounts had been improperly accessed.
But Nintendo still hasn’t said how the accounts were accessed, beyond claiming that hackers got access to accounts by obtaining account passwords “by some means other than our company’s service.” Its implication is that users may have used weak passwords that hackers cracked, or reused passwords that were breached from other services and used by hackers to break into their Nintendo accounts.
If you haven’t enabled two-factor authentication on your Nintendo account yet, now would probably be a good time.