Following reports of security breaches and Nintendo's own investigation, the gaming giant just confirmed that some 160 000 Nintendo Accounts have been targeted by hackers. These accounts were tied to Nintendo Network ID (NNID) logins, used on the 3DS and WiiU consoles. As a result, Nintendo is discontinuing the ability to use NNID to sign in to a Nintendo Account, resetting the passwords for those affected and is recommending two-step verification to prevent future breaches.

The hackers had access to private data such as nicknames, email addresses and dates of birth, and could also make digital purchases with linked PayPal accounts. However, Nintendo confirmed that despite purchases being made, credit card data was not accessed.

SOURCE

 

[Prans]

How to set up two-step verification for a Nintendo Account link

 

[DSoryu]

That's why two-step verification is very important, enable it ASAP if you haven't. This makes me to believe that a certain WiiU/3DS homebrew had malicious code who stole NNID credentials on any of those consoles.

 

[AmandaRose]

Nice to see Nintendo are giving absolutely no compensation to people like myself who's account was hacked. After Sony did it years ago on the PS3 you would have thought Nintendo would have done the same.

 

[NotATurtle]

Nice to see Nintendo are giving absolutely no compensation to people like myself who's account was hacked. After Sony did it years ago on the PS3 you would have thought Nintendo would have done the same.

I didn't use my PS3/PS4 for over 2 years and can't access to my account anymore and Sony support isn't helping with that either... it's not like one is "good" and the other is "bad". Both companies have good and bad practices with different services.

 

[smileyhead]

Nice to see Nintendo are giving absolutely no compensation to people like myself who's account was hacked. After Sony did it years ago on the PS3 you would have thought Nintendo would have done the same.

I don't see why you should need compensation. If the hackers made purchases with your account, you can contact customer support for a refund. No damage was done.

 

[huma_dawii]

I think they should do something about it... Thank God I never bought anything with my NNID, but hey... kinda dangerous and scary if you had a credit card linked....

 

[Dimensional]

Nice to see Nintendo are giving absolutely no compensation to people like myself who's account was hacked. After Sony did it years ago on the PS3 you would have thought Nintendo would have done the same.

It's not like Nintendo was blatantly incompetent, using out-of-date software with no firewall to handle all their information, and obfuscating said idiocy to make it appear to be secure. They're not Sony after all. Nintendo doesn't use secret keys that can be guessed by looking at a package of AA Batteries, or use create private keys with a custom non-random-number-generating program.

So of course Nintendo isn't going to compensate you for something they caught quickly and on an apparently very secure and well designed network of theirs. If there are unusual transactions on your account or unusual activity, just contact a customer rep about it, and they'll work with you to get things resolved, but because this issue isn't as wide spread as what happened to Sony, there's no need to just issue a blanket compensation package.

 

[DANTENDO]

So of course Nintendo isn't going to compensate you for something they caught quickly and on an apparently very secure and well designed network of theirs

What didn't people start complaining first ther account seems to be hacked

 

[Deleted User]

Better change my password then from Sega to Sony.

 

[Foxi4]

It's not like Nintendo was blatantly incompetent, using out-of-date software with no firewall to handle all their information, and obfuscating said idiocy to make it appear to be secure. They're not Sony after all. Nintendo doesn't use secret keys that can be guessed by looking at a package of AA Batteries, or use create private keys with a custom non-random-number-generating program.

So of course Nintendo isn't going to compensate you for something they caught quickly and on an apparently very secure and well designed network of theirs. If there are unusual transactions on your account or unusual activity, just contact a customer rep about it, and they'll work with you to get things resolved, but because this issue isn't as wide spread as what happened to Sony, there's no need to just issue a blanket compensation package.

The Switch's security was defeated with a paperclip - a nice callback to the Wii's security being defeated with a pair of tweezers. I don't think this kind of posturing is a good look considering all of Nintendo's consoles have been pwned shortly after their release.

 

[Bladexdsl]

nintendo once again proving they are pathetic when it comes to security

 

[PabloMK7]

I knew it!
https://gbatemp.net/threads/google-...icius-logins-in-your-nintendo-account.563151/

We can't blame Nintendo yet. If there is an exploit for the 3DS, attackers can benefit of the Luma3DS features to steal data.

 

[jurai]

The Switch's security was defeated with a paperclip - a nice callback to the Wii's security being defeated with a pair of tweezers. I don't think this kind of posturing is a good look considering all of Nintendo's consoles have been pwned shortly after their release.

Which has absolutely nothing to do with an account breach, try harder

 

[Dimensional]

The Switch's security was defeated with a paperclip - a nice callback to the Wii's security being defeated with a pair of tweezers. I don't think this kind of posturing is a good look considering all of Nintendo's consoles have been pwned shortly after their release.

I was trying to go more for the fact that their services appear more secure than Sony's. Not their hardware, though using examples from the vita and ps3 weren't the best. Nintendo's own services and network has made some great strides in security without too many issues last I heard, something Sony had to learn from after they've been hurt, and as such things could have been a lot worse given what we know of other services and how bad things went for them.

 

[Foxi4]

I was trying to go more for the fact that their services appear more secure than Sony's. Not their hardware, though using examples from the vita and ps3 weren't the best. Nintendo's own services and network has made some great strides in security without too many issues last I heard, something Sony had to learn from after they've been hurt, and as such things could have been a lot worse given what we know of other services and how bad things went for them.

To be fair, Nintendo's network is also extremely barebones, so there are far less vulnerabilities to worry about, but that's a fair point. My point was that they're not huge security experts, and never were. Let's not forget that their online backend used to be powered by GameSpy, which is why huge swathes of Nintendo Wi-Fi Connection games ceased to function as soon as GameSpy bit the dust. I wouldn't give them too much praise when we don't exactly know what happened yet.

 

[Plasmaster09]

To be fair, Nintendo's network is also extremely barebones, so there are far less vulnerabilities to worry about, but that's a fair point. My point was that they're not huge security experts, and never were. Let's not forget that their online backend used to be powered by GameSpy, which is why huge swathes of Nintendo Wi-Fi Connection games ceased to function as soon as GameSpy bit the dust. I wouldn't give them too much praise when we don't exactly know what happened yet.

honestly Nintendo has some pretty darn ironclad security when it comes to protecting consumers- this is the first time this kinda thing has happened, and Nintendo's already on it before it can reach even a fraction of the scale of the PSN disaster
however they are really bad at protecting from consumers- that is to say, hacking
the dsi only takes around half an hour to hack and requires nothing but a way to transfer files, the dsi, a memory card and some hax files
the wii's security was broken with tweezers
the 3ds can be defeated in around an hour with Seedminer and the like- I've done it 3 times now
the wii u can be softmodded pretty easy and it only costs around $7 for dsvc for permanent haxchi
and the switch? it's a tad harder, but if you own an early model (myself included) it can be hacked with a freaking paperclip or a plastic jig.

 

[MrCokeacola]

So Microsoft can now clam they are the only online gaming network to never be compromised?

 

[DANTENDO]

So Microsoft can now clam they are the only online gaming network to never be comprised?

Not fair though as security is part of ther dna

 

[Foxi4]

honestly Nintendo has some pretty darn ironclad security when it comes to protecting consumers- this is the first time this kinda thing has happened, and Nintendo's already on it before it can reach even a fraction of the scale of the PSN disaster
however they are really bad at protecting from consumers- that is to say, hacking
the dsi only takes around half an hour to hack and requires nothing but a way to transfer files, the dsi, a memory card and some hax files
the wii's security was broken with tweezers
the 3ds can be defeated in around an hour with Seedminer and the like- I've done it 3 times now
the wii u can be softmodded pretty easy and it only costs around $7 for dsvc for permanent haxchi
and the switch? it's a tad harder, but if you own an early model (myself included) it can be hacked with a freaking paperclip or a plastic jig.

That's a fair assessment, which makes me wonder to what extent they outsource their online infrastructure, or alternatively whether or not they were targeted to the same extent. They *have* boarded the digital marketplace train only recently, comparatively speaking, so in the past there was much less reason to attempt a breach like this. I guess time will tell how far-reaching this problem really was and how they intend to address it, hopefully all of the vulnerabilities used are identified and patched, but I would err on the side of caution for now and keep payment methods unlinked for the time being.