The Nintendo company’s investigation initially suggested that 160,000 users’ accounts were compromised. On reviewing the site and damages, the numbers went up with an additional 140,000; bringing the total number of compromised accounts to 300,000.
Investigations come in handy especially amid a hack. It helps us understand the vulnerabilities and curtail further exploits.
The attack seems to have been initiated in early March when users noticed unauthorized logins on their accounts.
Following these complaints, Nintendo dropped a tweet in April, advising users on the importance of the two-step authentication; but neglected to say why this was important.
Two extra weeks passed before the Japanese gaming giants fessed up to the reason behind the tweet. They admitted that users’ accounts had been illegally accessed.
Data breached include personal details of users like users’ names, date of birth, country of origin, etc.
The company has maintained its stance, stating that a few accounts (less than 1%) were affected by the breach. It also said that the hacked passwords have all been replaced by stronger ones to prevent further attacks.
Asides stating that “hackers got access to accounts by obtaining account passwords by some means other than the company’s service.” Nintendo is tight-lipped about the method of attack.
The statement and absence of details suggest that the hacks might have been as a result of negligence on the part of the users. It could have been in the form of a weak password, or maybe reusing a password associated with other accounts of the user that might have been previously breached by hackers. This implied negligence could have made the users’ accounts accessible to hackers.
Users who are yet to activate the two-step authentication do not need further nudging as recent events speak for itself.