There's something concerning going on, as Nintendo Switch owners are reporting that they're seeing suspicious attempted log-ins for their account. Many users are sharing that they've either received emails from Nintendo with notices of log-ins from new devices, or even some that say their saved payment information was used to purchase V-bucks in Fortnite without their authorization. While Nintendo hasn't confirmed or denied as to whether or not there was a data breach or if there's a problem unfolding, it would be wise to make sure your account is secured. You can do so by resetting your password, checking out if there's been an unauthorized log-in attempt by looking at your history, removing your linked PayPal or Credit Card accounts, or turning 2-Step Verification on for your Switch account, which Nintendo themselves recommended just last week.

Nintendo is now aware of the problem and is "investigating the situation". They again recommend that users turn on 2FA.

EDIT: One of our users is conducting a poll to see who has been affected. You can fill it out here.

 

[Gamemaster1379]

i think nintendo has been hacked far worse than we relised i would run an AV scan for Keyloggers on your pc's if randomly generated passwords are being cracked that easily i suspect more is in play

I have anti-viruses in place. Furthermore, a keylogger would not be able to capture a password generator generating something I'm not keying in. By how the password manager works, I wouldn't be copying to clipboard either with auto-fill, so even a compromised clipboard malware wouldn't run the risk of this happening.

I also have no other services with suspicious login activity. I suspect Nintendo's actual infrastructure is compromised and hackers are likely logging in through some session authentication exploit, bypassing the need of passwords entirely.

 

[0x3000027E]

if the hackers are reading this take a good look at yrself yr scum bastards and yr parents must be ashamed for what you are doing

A message from Nintendo to atmosphere/sxos developers?

 

[jeffyTheHomebrewer]

*laughs in no saved info*

 

[Gamemaster1379]

*laughs in no saved info*

Even without saved info, they still have full access to your account.

 

[DarkFlare69]

One of my old Nintendo accounts was accessed by someone in Russia yesterday. This is definitely a data breach on Nintendo's part. I use 18-24 character, randomly generated complex passwords for all my accounts, and this one was no exception. This password is impossible to bruteforce and not shared with any other login anywhere.

 

[jonesman99]

Welp, I just updated my password and added the 2-step verification. Thankfully I didn’t get hit by a hacker

 

[Gunstorm]

I received the notification of suspicious login from indonesia(im from Brazil), but i dont have any payment method registred..
Iv changed my password, e-mail and added 2 step verification

 

[godreborn]

thanks for the heads up, @Chary . I changed my password and enabled two-step verification. I didn't have my credit card info stored after what happened with psn. I guess it would be easy for a good hacker to get through both a password and two-step verification, but like most thieves, they're probably going to go after the easy targets.

 

[decemberchild]

This happened to me twice today from Singapore. The first time I changed my password... a few hours later it happened again. I guess I need to use two-step.

 

[Xzi]

No suspicious login attempts for me thankfully, but I added 2FA just in case.

 

[godreborn]

No suspicious login attempts for me thankfully, but I added 2FA just in case.

same here. I had no suspicious activity, but I took precautions just in case. it kinda pisses me off that nintendo would be silent about it. I think sony was that way too until it blew up in their face.

 

[BiggieCheese]

Yeah I read about this the other day, nothing out of the ordinary on my end but I still set up 2FA via Authy as a precaution, also unlinked my Nintendo Network ID in case the breach is on that end.

 

[DarkFlare69]

This happened to me twice today from Singapore. The first time I changed my password... a few hours later it happened again. I guess I need to use two-step.

If that's the case, then that means the security breach is still ongoing and there's not just a single database dump like what happens normally. This isn't good for anyone.

EDIT: To keep yourself safe, it's probably best to make sure 2FA is always enabled even if your password is very secure and complex. Password strength probably doesn't matter at this point since it's clear they're not bruteforcing.

 

[godreborn]

my nso is still tied to paypal. do you guys think I should change my paypal password? I can't remember how it works on the switch, but does it ask for your email and password, then saves it if you want to?

 

[Xzi]

same here. I had no suspicious activity, but I took precautions just in case. it kinda pisses me off that nintendo would be silent about it. I think sony was that way too until it blew up in their face.

To be fair, I don't think this is particularly surprising or unusual. I doubt it's some new hacking method or anything like that, it's just that far more people are bored at home, and most passwords are easy enough to brute force. Thus it's a good idea to use 2FA wherever it's offered.

 

[my2k2zx2]

Mine was accessed on April 13. I did not have any saved payment methods. I have no idea what my old password was but I do now that I've done a reset.

 

[DJPlace]

well son of a switch it's like PSN all over 9 years ago...

 

[Jiehfeng]

Jesus Christ, I'm not alone... :o

 

[HarveyHouston]

No unauthorized access on my Nintendo Account. I guess I'm safe for now. -_-

 

[GerbilSoft]

As a reminder, if you have a Nintendo Network ID linked to your Nintendo Account, it is possible to log into the Nintendo Account using the NNID password. Annoyingly, the only way to change the NNID password is through a linked 3DS or Wii U.

Note that enabling 2FA on your Nintendo Account will also prompt for the 2FA code if logging in using the NNID password on the web interface. (On 3DS and Wii U, it won't, but an NNID can only be used on one 3DS and one Wii U at a time.)