On April 24th, 2020 Nintendo Co., Ltd announced an unauthorized data breach of their online network, Nintendo Network ID (NNID). This service is predominantly used by Nintendo 3DS and Wii U console owners.
Approximately 160,000 accounts were impacted causing unauthorized access to personal information including email addresses, data of birth, country and Nicknames. Although credit card numbers were not exposures, some users on social networks have reported unusual account access:
In an effort to minimize future breaches, Nintendo has notified affected users and has forced a password reset. It does not appear that users with 2-Factor Authentication (2FA) were impacted.
In a statement posted on their website, Nintendo apologizes for the event and addresses future action plans:
“We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.”
As of this writing, no word on how the breach occurred. Below are some tips, we strongly recommend to reduce your impact for future breaches:
Change Your Password
First and foremost, change your password whether or not you were impacted by the breach. Although the company stated that they identified the impacted accounts, it is always important to side on the error of caution.
Passwords should be at least 8 characters long, with at least 1 numeric, 1 uppercase letter, 1 lowercase letter and a symbol. Refrain from using common phrases like p@$$wOrd.
Important Note: If you have other accounts with the same username or email address using the same password such as a bank, social media, PayPal, Venmo or email accounts, change those passwords as well.
There is a reasonable chance that your information will be on the dark web for sale, allowing other attempts on different platforms.
Enable 2-Factor Authentication (2FA)
This may seem like a hassle but speaking from experience, this is a life saver. 2FA allows an extra layer of security when or if your password is compromised. When your password is used, the system will prompt for a security code sent to either your mobile device or email address.
Typically you will have 30 to 60 seconds to enter in the code to access your account. You can also set up notifications if this layer of security has failed which will give you a good indicator of compromise or heads up that you may be a victim of a data breach.
To learn more about 2FA, here is a link to Google Authenticator video by Dottotech.
Reduce Your Attack Surface
Having your profile connected to a variety of 3rd party social sites and tools likes Twitter, Instagram and Paypal is typically great until it isn’t.
Once your account has been compromised, it is possible that an unauthorized user can utilized those services inappropriately including sending malicious tweets, switch private profiles to public, make virtual transactions and more. These are the unintended consequences of a data breach.
Consider deactivating services within your profile that you do not actively utilize. This will reduce the amount of exposure you have to other services in the event an account is a contributing party to a data breach.
As stated in the prior section, it is good practice to have those platforms utilize 2FA as well. Like the great Bruce Dickinson once said, “[you] gotta have more cowbells. So explore the space” when it comes to adding security while using online platforms.
It is 2020 and we all can do a better job at keeping ourselves more secure. Take care and stay safe.