Following numerous user reports of unauthorized account access, Nintendo issued a statement confirming that as many as 160,000 accounts had been breached since the start of April. The company reiterated its call for users to use a code on their phone in addition to a password. Specifically, Nintendo’s guidance on two-factor authentication recommends the use of Google Authenticator.
Of course, cybersecurity pros have long touted two-factor authentication as a way to protect against data breaches, and not just for gamers. “This is incredibly concerning for Nintendo users,” Lisa Forte of Red Goat Cyber Security told BBC News. “Passwords, for any account, are not the most secure way of signing in. It is essential for users to enable 2FA to make their accounts more secure.”
Nintendo said that hackers may have been able to see users’ nicknames, dates of birth, gender, country/region and email address information. According to the company’s statement, there was no sign that credit card information could have been viewed by hackers, though some illegitimate purchases may have taken place through credit card information linked to the account.
As The Verge reports, Nintendo is also disabling the ability to log in to Nintendo accounts using Nintendo Network IDs, which were used for older gaming systems. The company said it would contact affected users via email and cautioned that users should avoid having the same password for their Nintendo account and other accounts, such as Paypal.
As Tom’s Guide notes, Nintendo apologized for the breach and said it will “make further efforts” to shore up cybersecurity going forward.