Nintendo today confirmed earlier reports of account breaches dating back over the past few weeks. The gaming giant issued an update (via Nintendo Japan) noting that around 160,000 Nintendo Accounts were impacted, which found multiple being used to purchase digital items without the owner’s consent. Along with the purchasing powers, the offending parties may have also gained access to personal information, including D.O.B. and email addresses.
The issue appears frequency of account access appears to have increased in recent weeks. To address the matter, the company is shutting down log-ins via NNID (Nintendo Network ID), an older account system that dates back to the 3DS/Wii U. Nintendo is resetting passwords for those impacted and recommending that everyone (impacted or not) enable two-factor authentication for their systems.
It will also be sending out notifications for the 160,000 or so users who were targeted during the month of April. The company noted earlier this week that it was investigating the issue, which found many users seeing unexpected purchases of items, including Fortnite V-Bucks, using a connected PayPal account.
Nintendo appears to still be trying to get to the bottom of how the parties gained access to the NNID info beyond “by some means other than our service.” It has been asking for users to submit feedback in an attempt to locate the source of the breach.