Japanese gaming giant Nintendo has admitted that an additional 140,000 user accounts were accessed by unauthorized means, pushing the number up to about 300,000. Hackers gained access to user accounts in April, obtaining personal information such as birthdays and email addresses, but not credit card details.
An initial hack in April compromised 160,000 accounts and a further 140,000 breaches have been discovered since then, the Kyoto-based firm said in a statement released late Tuesday.
The blog post by Nintendo, which is in Japanese, but translated to English, states that the hackers gained access to Nintendo accounts via NNID – which stands for a Nintendo Network ID, and is different from a Nintendo account.
NNID is used to make purchases on the Wii U and 3DS, while a Nintendo account is needed to make purchases on the Switch. But many players have both accounts linked to each other to allow them to combine eShop funds across devices.
According to Nintendo, a small fraction of NNIDs may have been illegally accessed and used to make unauthorized purchases. The company said it would reimburse customers for the purchases.
Nintendo has been enjoying a strong showing from its popular Switch console and blockbuster games including “Animal Crossing”, with demand boosted by players stuck at home because of the coronavirus pandemic.
The company stated that it has reset the passwords for these 140,000 accounts and the Nintendo accounts that were linked with them, and contacted the customers separately, in addition to other security measures.