Following reports of security breaches and Nintendo's own investigation, the gaming giant just confirmed that some 160 000 Nintendo Accounts have been targeted by hackers. These accounts were tied to Nintendo Network ID (NNID) logins, used on the 3DS and WiiU consoles. As a result, Nintendo is discontinuing the ability to use NNID to sign in to a Nintendo Account, resetting the passwords for those affected and is recommending two-step verification to prevent future breaches.

The hackers had access to private data such as nicknames, email addresses and dates of birth, and could also make digital purchases with linked PayPal accounts. However, Nintendo confirmed that despite purchases being made, credit card data was not accessed.

SOURCE

 

[ShadowOne333]

Nice to see Nintendo are giving absolutely no compensation to people like myself who's account was hacked. After Sony did it years ago on the PS3 you would have thought Nintendo would have done the same.

As I've been saying for years, Nintendo doesn't care about their fans at all, they only care about filling their pockets, even if their services are mediocre at best.
As to why people continue to support Nintendo's shit in this regard goes beyond me, seeing how this is not the first time it has happened.

 

[Teletron1]

Nintendo Update
Please read important information regarding the discontinuation of Nintendo Account sign-ins using a Nintendo Network ID:

https://en-americas-support.nintendo.com/app/answers/detail/a_id/49396

 

[MrCokeacola]

Not fair though as security is part of ther dna

True, but as a Xbox fanboy it's one of the very few things we can brag about.

 

[Foxi4]

True, but as a Xbox fanboy it's one of the very few things we can brag about.

Hey, XBL is a good thing to brag about, easily an industry leader in terms of online on consoles.

 

[DarkCoffe64]

Mh, I was thinking if maybe my old as fuck craptendo account could've maybe been hacked, tho, haven't really used that in ages ever since I modded my old 3ds ages ago...

Then I remembered that back then I had a different card for payment, and don't think I ever used paypal or linked/saved any info there... plus, I believe I've changed my paypal password since back then... and there are no payments record that aren't mine right now...
I should be cool hopefully.

 

[Sicklyboy]

Yeah, my Nintendo account got popped last night/early this morning. Caught the email within a half hour of it happening, changed my password and enabled 2FA immediately. Fortunately nothing looks to have been purchased. And, fortunately, I've gone to reasonable lengths to secure my email account in the past so I don't have many concerns there.

Opportune time to remind people that

1) people are lazy and don't like remembering or typing in passwords, so they reuse the same password and email and username combination over and over and over. I am people, and I am lazy. Use a password manager to create secure, unique passwords per site, as well as preventing you from needing to type them in (in most occasions). I use LastPass (free), some people are not a fan of the cloud storage they offer for your account management. Alternatives that I have heard good things about but have not personally used are KeePass and 1Password.

2) While I don't believe this is an option that Nintendo offers, SMS-based 2FA, while generally speaking is better than no 2FA at all, should absolutely be avoided if other 2FA options exist, such as TOTP codes generated by Google Authenticator/Authy or support for a physical FIDO/U2F dongle such as a Yubikey.

 

[DANTENDO]

Mh, I was thinking if maybe my old as fuck craptendo account could've maybe been hacked, tho, haven't really used that in ages ever since I modded my old 3ds ages ago...

Then I remembered that back then I had a different card for payment, and don't think I ever used paypal or linked/saved any info there... plus, I believe I've changed my paypal password since back then... and there are no payments record that aren't mine right now...
I should be cool hopefully.

Unless yr paranoid

 

[ChaosEternal]

The Switch's security was defeated with a paperclip - a nice callback to the Wii's security being defeated with a pair of tweezers.

To be fair, it's pretty hard to secure your device when another company's chip can be used to gain full control of the system during the bootloading process. That's hardly Nintendo's fault. You're 100% correct about their previous consoles, but you can lay this one squarely at Nvidia's feet.

 

[|<roni&g]

I said something similar the other day & I'm saying it again in hopes of waking people up. If you can go back and look at my comments on switch, I said years ago id never trust tendo with my bank info and now you see why.
Read n wake up or be a stoopid brain dead consumer who enjoys dropping money on nothing.
Nintendo should never of charged for online, on a Nintendo console you make a character and go straight online without silly signing in and memberships etc, nintendos online just works seamlessly, or used to on DS,Wii,U &3DS.
Now they want your money, be it only $20, it's not the point. The point is the added inconvenience that didn't used to exist on Nintendo and now on top of the added inconvenience, as expected people's information has been accessed because of course it has, Nintendo has it on their systems, it was only a matter of time.
They should revert back free online and use that as a selling point like they should of done years ago.

Yet someone will try and argue that Nintendo should charge an online fee and have their banking info stored...... Anti consumer "Fanboy" fools.

 

[Technicmaster0]

It's alarming that nintendo didn't react earlier on their own and that they needed so long to find out what happened.

 

[Foxi4]

To be fair, it's pretty hard to secure your device when another company's chip can be used to gain full control of the system during the bootloading process. That's hardly Nintendo's fault. You're 100% correct about their previous consoles, but you can lay this one squarely at Nvidia's feet.

Nah, Nintendo are the ones who needed to secure their device. They didn't need to put the HOME button pin on the rail. They could have designed the system differently, they just didn't predict that this function would be exploitable.

 

[ZoNtendo]

To be fair, it's pretty hard to secure your device when another company's chip can be used to gain full control of the system during the bootloading process. That's hardly Nintendo's fault. You're 100% correct about their previous consoles, but you can lay this one squarely at Nvidia's feet.

Trusting the binaries of a third party is bad, still somehow an error of Nintendo.

 

[ChaosEternal]

Nah, Nintendo are the ones who needed to secure their device. They didn't need to put the HOME button pin on the rail. They could have designed the system differently, they just didn't predict that this function would be exploitable.

That would've just made it harder to trigger. It wouldn't have fixed the underlying issue at all. I'm sure they wish they had done that since it surely would've lowered the number of people willing or able to softmod their Switches, but it wouldn't have made the Switch any less vulnerable at the software level.

Trusting the binaries of a third party is bad, still somehow an error of Nintendo.

Is it standard practice in the hardware industry to to pore over the source code of any third party chips line-by-line before using them? If not, then Nintendo was no more in error than any other hardware company who uses ready-made solutions. Who would've thought that Nvidia would've made such a massive oversight in their design of the chip? I certainly can't think of any similarly far-reaching errors in a ready-made chip off the top of my head.

 

[Bladexdsl]

when it comes to shitty online, 3rd party support, console security and dated hardware nintendo wins every time!

 

[Foxi4]

That would've just made it harder to trigger. It wouldn't have fixed the underlying issue at all. I'm sure they wish they had done that since it surely would've lowered the number of people willing or able to softmod their Switches, but it wouldn't have made the Switch any less vulnerable at the software level.

Oh, most definitely, I just find it funny that they would oversee this pretty major vulnerability given the fact that a recovery mode like this is standard affair on chips intended for Android devices. You'd expect them to at least obfuscate it a little bit.

 

[banjo2]

Good for me I guess, as I don't have a 3DS/Wii U

 

[3pixel]

I guess someone in the Homebrew community collected our 3DS data.
I had my 3ds flashed with Luma3ds and all the stuff needed. The only App i used frequently was ****shop (i know piracy is bad).
i never used my NNID somewhere else only on the 3DS.

edit: i also want to say that i havent used my 3ds for years.

 

[The Real Jdbye]

I have my Nintendo Account linked to my NNID but it doesn't seem like I've been affected. I guess my email isn't on whatever list they were going off of.

 

[Xzi]

As I've been saying for years, Nintendo doesn't care about their fans at all, they only care about filling their pockets, even if their services are mediocre at best.
As to why people continue to support Nintendo's shit in this regard goes beyond me, seeing how this is not the first time it has happened.

Safe to say that anybody who views any business as a "friend" is going to be taken for a ride. Of course making money is the point. That said, it's not like it was Nintendo employees hacking peoples' accounts, and there are plenty of options for people seeking recourse through their bank/Paypal account.

 

[drewby]

I noticed this last week actually. Someone logged into my Nintendo account. Changed the PW and now setting up 2-factor authentication.