Nintendo Reports 160,000 Accounts Breached in April

Nintendo Reports 160,000 Accounts Breached in April 2020

On April 24th, 2020 Nintendo Co., Ltd announced an unauthorized data breach of their online network, Nintendo Network ID (NNID).  This service is predominantly used by Nintendo 3DS and Wii U console owners.  

Approximately 160,000 accounts were impacted causing unauthorized access to personal information including email addresses, data of birth, country and Nicknames.  Although credit card numbers were not exposures, some users on social networks have reported unusual account access:

Twitter: @DreamBoum
Twitter: @pixelpar

In an effort to minimize future breaches, Nintendo has notified affected users and has forced a password reset.  It does not appear that users with 2-Factor Authentication (2FA) were impacted. 

In a statement posted on their website, Nintendo apologizes for the event and addresses future action plans:

“We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.”

As of this writing, no word on how the breach occurred.  Below are some tips, we strongly recommend to reduce your impact for future breaches:

Change Your Password

First and foremost, change your password whether or not you were impacted by the breach.  Although the company stated that they identified the impacted accounts, it is always important to side on the error of caution.

Passwords should be at least 8 characters long, with at least 1 numeric, 1 uppercase letter, 1 lowercase letter and a symbol.  Refrain from using common phrases like p@$$wOrd.

Important Note:  If you have other accounts with the same username or email address using the same password such as a bank, social media, PayPal, Venmo or email accounts, change those passwords as well. 

There is a reasonable chance that your information will be on the dark web for sale, allowing other attempts on different platforms.

Enable 2-Factor Authentication (2FA)

This may seem like a hassle but speaking from experience, this is a life saver.  2FA allows an extra layer of security when or if your password is compromised.  When your password is used, the system will prompt for a security code sent to either your mobile device or email address.  

Typically you will have 30 to 60 seconds to enter in the code to access your account.  You can also set up notifications if this layer of security has failed which will give you a good indicator of compromise or heads up that you may be a victim of a data breach.

To learn more about 2FA, here is a link to Google Authenticator video by Dottotech.

Reduce Your Attack Surface

Having your profile connected to a variety of 3rd party social sites and tools likes Twitter, Instagram and Paypal is typically great until it isn’t.

Data Breach and Attack Surfaces

Once your account has been compromised, it is possible that an unauthorized user can utilized those services inappropriately including sending malicious tweets, switch private profiles to public, make virtual transactions and more. These are the unintended consequences of a data breach.

Consider deactivating services within your profile that you do not actively utilize. This will reduce the amount of exposure you have to other services in the event an account is a contributing party to a data breach.

As stated in the prior section, it is good practice to have those platforms utilize 2FA as well. Like the great Bruce Dickinson once said, “[you] gotta have more cowbells. So explore the space” when it comes to adding security while using online platforms.

It is 2020 and we all can do a better job at keeping ourselves more secure. Take care and stay safe.

To support this blog, this post may contain affiliate links. Please read our Privacy Policy for more information.

Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.

Related Posts

Title Image: AI Security Realities: Rethinking PII as the Sole Indicator

AI Security Realities: Rethinking PII as the Sole Risk Indicator

During a client meeting, I addressed misconceptions about cybersecurity, especially the notion that absence of PII equates to no risk. I discussed how cyber threats extend beyond data theft to include system vulnerabilities that could disrupt operations and impact users, citing the SolarWinds and New York Times attacks as examples. I explained that comprehensive assessments are crucial for understanding broader cybersecurity risks, not just those involving PII. Additionally, I highlighted the importance of protecting AI models from poisoning, underscoring the need for robust security measures in AI development.

10 Ways to Improve Your Math Skills for Cybersecurity

10 Ways to Improve Your Math Skills for Cybersecurity

As highlighted in our earlier discussion, The Intersection of Math and Cybersecurity, a solid grasp of mathematics is indispensable within the realm of cybersecurity. The specific demands…

The Intersection of Math and Cybersecurity - Does Cybersecurity Require Math?

The Intersection of Math and Cybersecurity

During my weekend exploration of a renowned Q&A platform, I unexpectedly encountered a question that left me intrigued. I couldn’t help but wonder if the original poster (OP) was playfully jesting or sincerely seeking knowledge. This curious moment brought forth a reminiscent smile as I recalled the age-old adage we all encountered during our early school years: “Math is fundamental to all endeavors.” However, an interesting twist emerged: Does this axiom extend its influence into the intricate realm of Cybersecurity?

Exploring the Apple MacBook Air M2: Performance, Display, and Real User Insights

The Apple MacBook Air 15.3-inch (M2 Chip) has burst onto the scene as a true gem in Apple’s collection, boasting an enticing fusion of chic aesthetics, robust performance, and impressive features. With its expansive Liquid Retina display, potent M2 chip, and a host of standout attributes, this laptop demands attention

Client Confidence Crisis: How Neglecting Security Practices Can Drive Customers Away

In today’s digital landscape, establishing an Information Systems Security Program (ISSP) is no longer optional but a crucial necessity for organizations. This blog post explores the vital importance of implementing an ISSP early on and understanding the factors that influence its establishment and modification. Senior management’s role in championing ISSPs is emphasized, as their buy-in and recognition of its significance set the tone for organizational security practices.

However, misconceptions and flawed reasoning often hinder the adoption of robust security measures. From the belief that “it will never happen to us” to relying solely on insurance coverage, these notions can prove detrimental to an organization’s security posture. Furthermore, assumptions that clients don’t care about security or that the cloud provides ultimate protection are debunked, shedding light on the evolving expectations and regulations surrounding data protection.

The ugly truth emerges as we delve into the constant threat of internet vulnerability scans and the risks organizations face when vulnerabilities are discovered. This post aims to dismantle these flawed mindsets, highlighting the need for a comprehensive security approach beyond insurance coverage and the importance of addressing vulnerabilities proactively.

Stay tuned for the upcoming parts of this conversation, where we will explore additional influential factors and provide insights into developing effective ISSPs. Together, let’s navigate the complex world of system security and ensure the protection of your organization’s invaluable assets.

Maximizing Email Security: Understanding the Importance of DKIM, SPF, and DMARC

Email is a crucial part of our daily lives, but unfortunately, it’s also a popular target for cybercriminals who use various tactics like spam, phishing, and spoofing to scam people. The FTC recently issued a warning to users of MetaMask and PayPal about phishing scams that are currently circulating through fake emails. The scam claims that the user’s cryptocurrency wallet has been blocked and encourages them to click a link and update their wallet to prevent the loss of their crypto. To protect email users from these threats, authentication protocols like DKIM, SPF, and DMARC are strongly recommended.