Following reports of security breaches and Nintendo's own investigation, the gaming giant just confirmed that some 160 000 Nintendo Accounts have been targeted by hackers. These accounts were tied to Nintendo Network ID (NNID) logins, used on the 3DS and WiiU consoles. As a result, Nintendo is discontinuing the ability to use NNID to sign in to a Nintendo Account, resetting the passwords for those affected and is recommending two-step verification to prevent future breaches.

The hackers had access to private data such as nicknames, email addresses and dates of birth, and could also make digital purchases with linked PayPal accounts. However, Nintendo confirmed that despite purchases being made, credit card data was not accessed.

SOURCE

 

[Foxi4]

Safe to say that anybody who views any business as a "friend" is going to be taken for a ride. Of course making money is the point. That said, it's not like it was Nintendo employees hacking peoples' accounts, and there are plenty of options for people seeking recourse through their bank/Paypal account.

Sure, but limited liability doesn't entail no liability. Nintendo still has a duty of care when entrusted with people's personal details and as such any breach like this should be investigated to see whether it was preventable and a result of negligence or a genuine oversight. Fortunately the attack seems to be small in scale (that we know of), but it's simply good customer service to offer some kind of compensation when a company messes up. When Sony's infrastructure took a beating in 2011 they at least offered up to two free games for those affected - I'd say that's a nice gesture compared to "hey, we've reset your password for you, sure hope you'll keep shopping with us, bye!", don't you think? Now, admittedly, their boo boo was *orders of magnitude* worse, but still. In any case, it's problems like these that make me delete payment methods from online services when I'm done shopping - it's not that hard to punch them back in when needed.

 

[mightymuffy]

Foxi4: still flying on the Sony defensive I see! (wouldn't be gbatemp without you!)

I sort of agree on this occasion though - not with the jumping to Sony's defense bit - but the fact that there was a way through via the use of NNID : Nintendo does need to offer more of an apology than whatever that was ....that said, Sony didn't exactly offer the free games immediately after did they ...hopefully those affected can get, I dunno, couple of months free online as an apology - which might happen in the coming weeks..?

 

[ELY_M]

That's why two-step verification is very important, enable it ASAP if you haven't. This makes me to believe that a certain WiiU/3DS homebrew had malicious code who stole NNID credentials on any of those consoles.

thats why I only use open sourced homebrew apps. you never know what authors put in their closed source apps. I would never use closed sourced apps.

 

[Gamemaster1379]

That would've just made it harder to trigger. It wouldn't have fixed the underlying issue at all. I'm sure they wish they had done that since it surely would've lowered the number of people willing or able to softmod their Switches, but it wouldn't have made the Switch any less vulnerable at the software level.


Is it standard practice in the hardware industry to to pore over the source code of any third party chips line-by-line before using them? If not, then Nintendo was no more in error than any other hardware company who uses ready-made solutions. Who would've thought that Nvidia would've made such a massive oversight in their design of the chip? I certainly can't think of any similarly far-reaching errors in a ready-made chip off the top of my head.

Definitely is not, and in some cases, literally is not possible. Especially once you start looking at wireless radio technology (especially cellular), the FCC in the US regulates how much of the source can be shared outside the company--even to vendors.

 

[Xzi]

Fortunately the attack seems to be small in scale (that we know of), but it's simply good customer service to offer some kind of compensation when a company messes up. When Sony's infrastructure took a beating in 2011 they at least offered up to two free games for those affected

Sure, but like you said, the difference between this and the Sony breach is nearly immeasurable. IIRC everybody on PSN was vulnerable, whereas the type of small-scale "hacking" Nintendo accounts are currently experiencing happens on nearly every account-based service every week. I'm not going to complain if I get something for free out of the whole debacle, but nor am I expecting any such compensation.

 

[Foxi4]

Foxi4: still flying on the Sony defensive I see! (wouldn't be gbatemp without you!)

I sort of agree on this occasion though - not with the jumping to Sony's defense bit - but the fact that there was a way through via the use of NNID : Nintendo does need to offer more of an apology than whatever that was ....that said, Sony didn't exactly offer the free games immediately after did they ...hopefully those affected can get, I dunno, couple of months free online as an apology - which might happen in the coming weeks..?

Oh, far from defending Sony, they messed up big time. I just like to use the same measuring stick regardless of the company banner - if you mess up, pay your dues.

 

[chrisrlink]

they worried more about paypal data (money) than say the AES keys to the switch? i think the hackers priorities are screwed up you can reset/freeze CC data/Paypal but having the master keys to the switch/switch lite is actually even though more risky if they don't cover their tracks good enough, can be worth much more, also they discontinnued NNID? how the hell am i suppose to redownload UM then on my o2ds? if it's tied to my NNID (is it also console tied still like before NNID's

 

[DinohScene]

Only 160k accounts breached?, not bad Nintendo, not bad!

It's not like Nintendo was blatantly incompetent, using out-of-date software with no firewall to handle all their information, and obfuscating said idiocy to make it appear to be secure. They're not Sony after all. Nintendo doesn't use secret keys that can be guessed by looking at a package of AA Batteries, or use create private keys with a custom non-random-number-generating program.

So of course Nintendo isn't going to compensate you for something they caught quickly and on an apparently very secure and well designed network of theirs. If there are unusual transactions on your account or unusual activity, just contact a customer rep about it, and they'll work with you to get things resolved, but because this issue isn't as wide spread as what happened to Sony, there's no need to just issue a blanket compensation package.

Cheers for making me evening haha!

 

[urherenow]

the 3ds can be defeated in around an hour with Seedminer and the like- I've done it 3 times now.

Or in 2 minutes with a flash card and a magnet

 

[Plasmaster09]

Or in 2 minutes with a flash card and a magnet

Yeah but I mean for free without buying a flash card
plus luma is so convenient

 

[zoogie]

Or in 2 minutes with a flash card and a magnet

You're ignoring the 2-3 week wait for the card to ship from China, but ntrboot's faster if you're willing to ignore that

 

[Ratskull]

It's not like Nintendo was blatantly incompetent, using out-of-date software with no firewall to handle all their information, and obfuscating said idiocy to make it appear to be secure. They're not Sony after all. Nintendo doesn't use secret keys that can be guessed by looking at a package of AA Batteries, or use create private keys with a custom non-random-number-generating program.

So of course Nintendo isn't going to compensate you for something they caught quickly and on an apparently very secure and well designed network of theirs. If there are unusual transactions on your account or unusual activity, just contact a customer rep about it, and they'll work with you to get things resolved, but because this issue isn't as wide spread as what happened to Sony, there's no need to just issue a blanket compensation package.

Well designed network lol good one

 

[urherenow]

When the method came out, I already had a compatible card. No waiting. And the comment about Luma... the hacking has to be done to use it, so I don’t understand the point of the comment. Give me 2-5 minutes with your 3ds, and you’ll be running Luma with b9s.

 

[pyrotechnicmonkey]

This makes me to believe that a certain WiiU/3DS homebrew had malicious code who stole NNID credentials on any of those consoles.

That makes sense but i never realized the 3ds hacking scene was so widespread.

 

[PrincessLillie]

This makes me to believe that a certain WiiU/3DS homebrew had malicious code who stole NNID credentials on any of those consoles.

No. The cause is password reuse.

 

[HarveyHouston]

Sooo, does this mean that you can't use your NNID anymore on the 3DS and Wii U? Just wanted to see how far this goes...

 

[chrisrlink]

then again they said it was obtained by other "illegal" means according to one article wonder if they mean hombrew which is technicly not illegal again nintendo fear mongering on the homebrew community even if the vast majority are pirates

--------------------- MERGED ---------------------------

Sooo, does this mean that you can't use your NNID anymore on the 3DS and Wii U? Just wanted to see how far this goes...

no you just cant log onto your nintendo account from your nnid they would screw so many users of 3ds/wiiU from redownloading their legit eshop games if they did

 

[Teletron1]

I don't see why you should need compensation. If the hackers made purchases with your account, you can contact customer support for a refund. No damage was done.

There is multiple articles out that also said there is a data breach with personal info name birthday address along with PayPal accounts and Credit Cards this will lead to Identity Theft right now with the World events going on it’s not catching steam but it will most likely will lead to a Class Action Lawsuit

 

[urherenow]

There is multiple articles out that also said there is a data breach with personal info name birthday address along with PayPal accounts and Credit Cards this will lead to Identity Theft right now with the World events going on it’s not catching steam but it will most likely will lead to a Class Action Lawsuit

well, I used paypal for the first time (on my switch) a few days ago, and you're given the option to not require the password when using paypal. I did NOT take that option. And of course I use 2fa.

 

[PhyChris]

Privet data breach.
People lost money.
Nintendo F****D up, simple.
they admitted it ffs lol
boot licking, LOL