A total of 300,000 Nintendo accounts have been breached since the beginning of April, the company revealed Tuesday, as hackers used others’ Nintendo Network IDs without permission.
The hack was first discovered in April, and at the time, Nintendo said users would no longer need to use these IDs to log into their accounts, and that passwords on accounts that may have been breached would be reset. Previously, the company said 160,000 accounts were hacked, but on June 9 it updated those numbers to a whopping 300,000.
Nintendo discovered the additional hacked accounts after continuing its investigation, the company said Tuesday in a statement written in Japanese on its website. The company also stated that it is taking additional security measures. Only a small fraction of the breached accounts were used to make fraudulent purchases and refunds for these customers are nearly complete, the company said.
Nintendo did not immediately respond to a request for comment.
In April, social media users began complaining about missing funds from their Nintendo accounts and, in some cases, that their money was used to buy Fortnite’s virtual currency, V-Bucks.
In addition to logging in to potentially play other users’ games, the hackers were also able to see individuals’ date of birth, country or region and email addresses. They could also access payment services linked to these accounts, including PayPal accounts or credit cards to buy items on Nintendo’s platform.
“We sincerely apologize to our customers and related parties for any inconvenience and concern. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur,” said Nintendo in an April announcement.
A Nintendo Network ID is a unique username and password used mainly for older Nintendo 3DS and Wii U consoles. On the newer Nintendo Switch, users can simply create an account using an email address, although it was possible to link it to the Nintendo Network ID.
Nintendo encouraged customers to check their purchase history for any unauthorized transactions and then request a refund. Credit card information wasn’t exposed, according to the company.
The company is emailing affected users, urging them to change their passwords. Anyone who previously used a Nintendo Network ID to log in should now use their Nintendo account email address instead. For an extra layer of security, the company is also asking people to set up two-factor authentication, adding a second method of verification such as linking to another app that will generate a code for each login.