Nintendo says 140,000 more NNID accounts may have been illegally accessed
Nintendo shut down NNID logins back in April after it discovered hackers had compromised some 160,000 accounts using legacy credentials. Now, the company says that figure may have totalled 300,000. In a Japanese-language statement posted today, Nintendo says that in continuing the investigation, it found “approximately 140,000 additional NNIDs that may have been accessed maliciously.” It also clarified that the issue was not the result of a direct Nintendo breach, but rather of customers using the same passwords in multiple places. Passwords compromised on other platforms were likely sold on or harvested from the dark web.
By taking advantage of vulnerabilities surrounding legacy accounts, hackers were able to access newer accounts, and subsequently the PayPal funds associated with them. While credit card information was not directly accessible, hackers were able to exploit their access to these PayPal accounts to make fraudulent purchases. Details such as nicknames, email addresses and dates of birth were also potentially viewed by third parties.
Nintendo went straight to the source of the problem and shut down NNIDs completely, assuring customers that it would refund fraudulent purchases and — eventually — encouraging users to sign up to two-factor authentication. In today’s statement, Nintendo says that fewer than one percent of the NNIDs that may have been accessed worldwide, and while passwords for the additional 140,000 have been reset and their owners contacted, the company is “taking additional security measures.” It’s not specified exactly what these are, though.
Nintendo was hit with criticism for the way it originally handled the breach, with many accusing the company of not acting fast enough and of failing to provide proper guidance to those affected. But the conclusion that the issue stemmed largely from users’ password reuse is a teachable moment for everyone when it comes to practising good password hygiene.
from Engadget RSS Feed https://ift.tt/37eYceI