There's something concerning going on, as Nintendo Switch owners are reporting that they're seeing suspicious attempted log-ins for their account. Many users are sharing that they've either received emails from Nintendo with notices of log-ins from new devices, or even some that say their saved payment information was used to purchase V-bucks in Fortnite without their authorization. While Nintendo hasn't confirmed or denied as to whether or not there was a data breach or if there's a problem unfolding, it would be wise to make sure your account is secured. You can do so by resetting your password, checking out if there's been an unauthorized log-in attempt by looking at your history, removing your linked PayPal or Credit Card accounts, or turning 2-Step Verification on for your Switch account, which Nintendo themselves recommended just last week.

Nintendo is now aware of the problem and is "investigating the situation". They again recommend that users turn on 2FA.

EDIT: One of our users is conducting a poll to see who has been affected. You can fill it out here.

 

[MrCokeacola]

lol putting your Switch online. Ever.

 

[Xabring]

A few days ago I checked my email and had about 30 or more access notifications. They were from many different places and said my account was accessed by " ", as in it was blank after that. I don't have a cc or anything linked but changed password just in case.

*Ah, I see I have more logins since putting in a much longer and complex password. Clearly something bad going on.

Hmmm...its other kind of exploit then..... better cut off the paypal account before I get breached,

 

[_abysswalker_]

You’d be surprised how easy bypassing 2 step can be. All of my email account have 2 step that has to go through my phone number and a code. Who ever got in there spoofed my phone number

Not exactly.. phone number is irrelevant unless there's an option to complete auth with SMS or phone call - just use a 2FA app and it's not that easy at all...

 

[pofehof]

My concern with app based authentication though is if something happens to my phone.

Microsoft Authenticator allows you to back up your account credentials to the cloud for this very reason.

 

[sarkwalvein]

Thanks for the tip. I had no problem yet but I enabled 2 step authentication.

 

[jt_1258]

what a fun time it is to not have a phone and locked out of using 2 factor authentication because of it. why can't I just have it be a code that goes to my email account...

 

[_abysswalker_]

Microsoft Authenticator allows you to back up your account credentials to the cloud for this very reason.

To maybe add some useful info on this Nintendo provides you with about 10 or so backup MFA codes you can use offline in case you lost your phone - you can write those down on a piece of paper or even take a screenshot of the initial setup QR code as backup

 

[godreborn]

yeah, there's a copy button as well to copy to a text file, which is what I did. I backed it up to my 4 10TB hdds.

 

[The Real Jdbye]

Just checked my account and no one's been on it other than me. They're probably using passwords from breached sites. This sort of thing happens to me all the time, I'm signed up on so many sites that every few months I get a notification from haveibeenpwned and I'm constantly getting notifications about failed/suspicious login attempts, but they aren't able to get into anything I actually care about.

 

[godreborn]

I think the passcodes for 2 step verification should be written down. the ones that bypass it that is, because it says that you will not be able to sign in to your account if you lose them.

 

[sarkwalvein]

what a fun time it is to not have a phone and locked out of using 2 factor authentication because of it. why can't I just have it be a code that goes to my email account...

Well, it doesn't need to be a phone but anything that can install google authenticator, I guess a tablet also works.

--------------------- MERGED ---------------------------

I think the passcodes for 2 step verification should be written down. the ones that bypass it that is, because it says that you will not be able to sign in to your account if you lose them.

This is "lost phone" case scenario. Yeah, store them somewhere.

 

[godreborn]

This is "lost phone" case scenario. Yeah, store them somewhere.

yeah, I probably should've mentioned that.

 

[ZachariasBarnham]

I'm safe. My online presence is minimal at best when playing my Switch. 2SV isn't an option for me as I don't have a phone or a tablet.

 

[jt_1258]

Well, it doesn't need to be a phone but anything that can install google authenticator, I guess a tablet also works.

--------------------- MERGED ---------------------------


This is "lost phone" case scenario. Yeah, store them somewhere.

I have a tablet...but it's on kitkat...which google is pushing to phase out support for which means I would eventually loose access to my account...*sigh*

 

[Fugelmir]

Has Nintendo given an official statement on this? What's with the dearth of publications?

 

[godreborn]

Has Nintendo given an official statement on this? What's with the dearth of publications?

according to the article, no, they haven't up to now.

 

[rehevkor]

Huh, there is a 2-step verification, but you need to activate it yourself.

Pip'

Yes, with a 3rd party authenticator.

 

[Deleted User]

Shoot,
If hackers break into, would they be knid enough to add there credit card or paypal info ?
My account is so dire.

Even my last activity isn't archived anymore, being more than two years old...Who goes online anyway ?

--------------------- MERGED ---------------------------

I'm safe. My online presence is minimal at best when playing my Switch. 2SV isn't an option for me as I don't have a phone or a tablet.

Same here.
Worse regarding their google/apple safety stuff (lol), it is far from unbreakable.

 

[ganons]

When signing up, do you have to add a payment method even if you don't plan to buy anything?

 

[godreborn]

When signing up, do you have to add a payment method even if you don't plan to buy anything?

I don't think so.