About two months since Nintendo revealed a massive data breach that compromised 160,000 Nintendo accounts, the Japanese gaming company confirmed an additional 140,000 on Tuesday.
According to the firm, the additional hacked accounts were discovered while Nintendo is continuing its investigation. This raised the overall number of impacted accounts to a whopping 300,000.
“We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs [Nintendo Network IDs] that may have been accessed maliciously. It turned out that it was,” the company wrote on a post.
Back in April, the Japanese gaming giant said a total of 160,000 Nintendo Network ID (NNID) accounts were accessed by unauthorized third parties. At the time, Nintendo said the compromised accounts were found being used by multiple parties to purchase digital items. Personal information, including date of birth, country or region, and email addresses of the victims, were also believed to have been accessed.
"We sincerely apologize to our customers and related parties for any inconvenience and concern. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," said Nintendo in an April announcement.
To date, the company said it is currently taking additional security measures and has already reset the passwords for the 140,000 NNIDs additions, along with the Nintendo accounts that were linked with them.
Moreover, the company claimed that only less than 1% of all the impacted accounts were used to make fraudulent purchases and that refunds for such transactions are nearly complete.
“Less than 1% of all NNIDs around the world that may have been illegally logged in may have actually been fraudulently traded through their Nintendo account. We are still in the process of refunding in each country, but we have already finished refunding for most customers,” it explained.
Nintendo is currently contacting affected users and urging them to change their passwords. It is also encouraging all users to enable two-step verification for their Nintendo Account.
“For enterprises like Nintendo, protecting users from account takeover poses a unique challenge. Inevitably, some portion of users will reuse passwords, putting their accounts at risk,” commented experts from SpyCloud in April.
“To protect users from account takeover, enterprises need to secure their human attack surface by proactively monitoring user logins for credential reuse and resetting compromised passwords — before criminals have the chance to use them,” they added.
