In April of this year, Nintendo responded to the increasingly high amount of suspicious login attempts to Nintendo Network ID accounts affecting users across the world, promising that they would investigate the cause of the malicious logins. An update to the report has been made, as of June 9th, following up on their initial statement on the matter. Previously, Nintendo claimed that around 160,000 accounts were affected, telling NNID users to turn on 2-factor authentication, while also allowing refunds for games bought illegally on compromised accounts. The updated report states that another 140,000 IDs and passwords were accessed, in addition to the original figure of 160,000, bringing the total to around 300,000, which is "less than 1%" of total NNID users.
Nintendo stresses that credit card information saved to profiles was not able to be seen by those hacking into the accounts, though if you did save payment data to your account, it may have been able to be used to purchase items on the Nintendo eShop. You will also no longer able to use your NNID to login to your Nintendo account, with all illegally accessed accounts to have their passwords reset automatically. According to Nintendo's investigation, these passwords were not obtained via any breaches to their own services, meaning the accounts were most likely accessed due to the emails and passwords being shared across other services that had been hacked in the past.