I'm surprised there are no bug bounty applications for their web services... I found a xss vulnerability on a nintendo domain a while ago, and I know some companies like Google rewards you for these kind of vulnerabilities, but unfortunatly, nintendo don't.