Japanese video game company Nintendo reports new results from its investigation into user account hijackings that originally occurred in March. The company estimates that a total of about 300,000 user accounts have been compromised, writes Tom’s Guide, among others.
Nintendo's statement is in Japanese, but based on its machine translation, the company found 140,000 more compromised user accounts, compared to 160,000 already known, for a total of 300,000.
Users have complained about intrusions on Twitter, and some have been charged money for digital objects without their permission. It took Nintendo time to confirm that the accounts had actually been accessed without permission. Now those involved have been contacted and their passwords have been reset, Nintendo says.
It was possible for an intruder to see the owner's name, nickname, date of birth, gender, country or territory, and email address from the accounts. Nintendo estimates that false purchases were made in less than one percent of the accounts accessed without authorization. The money will be returned to the victims.
According to Nintendo, the credit card information has not been compromised. The company also does not believe it has been compromised. The perception is that the accounts were hacked with passwords obtained elsewhere. Perhaps they come from old hacks that have stolen user data. Criminals try to use the stolen credentials on other online services where the victim has used the same password.
At the same time, Nintendo apologizes for the incident and promises to improve the security of its service so that it does not happen again. Nintendo recommends enabling 2-Step Authentication to prevent password-only access to the user account.