Nintendo revealed on Friday that 160,000 accounts were breached since the beginning of April, by hackers using others’ Nintendo Network IDs without permission. The company announced users will no longer need to use these IDs to log into their accounts, and that passwords on accounts that may have been breached will be reset.
Over the past month, users on social media were complaining of missing funds from their Nintendo accounts and, in some cases, seeing their money being used to buy Fortnite’s virtual currency, V-Bucks.
In addition to logging in to potentially play other users’ games, the hackers were also able to see individuals’ date of birth, country or region and email addresses. They could also access payment services linked to these accounts, including PayPal accounts or credit cards to buy items on Nintendo’s platform.
“We sincerely apologize to our customers and related parties for any inconvenience and concern. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur,” said Nintendo in an announcement originally written in Japanese.
A Nintendo Network ID is a unique username and password used mainly for older Nintendo 3DS and Wii U consoles. On the newer Nintendo Switch, users don’t have to register a Nintendo Network ID and can simply create an account using an email address, although it was possible to link the two.
Nintendo encouraged customers to check their purchase history for any unauthorized transactions and then request a refund. Credit card information wasn’t exposed, however, according to Nintendo.
The company is emailing affected users, urging them to change their passwords. Anyone who used to use a Nintendo Network ID to login should now use their Nintendo account email address instead. For an extra layer of security, the company is also asking people to set up two-factor authentication, adding a second method of verification such as linking to another app that will generate a code for each login.