[BreachExchange] Nintendo Breach Affects 160,000 User Accounts

Destry Winant destry at riskbasedsecurity.com
Wed Apr 29 10:21:22 EDT 2020


Nintendo has begun restricting log-ins and resetting affected
passwords after admitting that as many as 160,000 accounts may have
been illegally accessed by hackers.

The Japanese gaming giant said it was disabling access to accounts via
the legacy Nintendo Network ID (NNID), which was associated with its
now-defunct Nintendo 3DS handhelds and Wii U consoles.

That’s because, since the beginning of April, hackers have been using
NNIDs “obtained illegally by some means other than our service” to
access user accounts and buy digital items using stored cards.

Unauthorized third parties may also have been able to view personal
information including name, date of birth, gender, country/region and
email address.

Aside from doing away with NNID log-ins to Nintendo accounts, Nintendo
is resetting passwords that may have been used illegally.

The firm urged users not to share passwords across multiple accounts
and to check whether their bank cards may have been used fraudulently.

“Organizations need to pay attention to not only points of access in
production environments but also all their deprecated and development
endpoints,” said Cequence Security’s Jason Kent.

“These often-forgotten and unsecured APIs can be used by hackers to
gain side-door access into systems to achieve the same access to
confidential information and monetary gain as if they went through the
front door. Unfortunately, most organizations lack full visibility of
their APIs, making it a challenge to adequately secure them.”

Chris DeRamus, CTO of DivvyCloud, hypothesized that the attack may
have been the result of credential stuffing. The gaming industry
accounted for around 22% of attacks spotted by Akamai over a 17-month

“To prevent unauthorized access to accounts, users should diversify
passwords and usernames across different accounts, regularly change
those passwords and enable multi-factor authentication (MFA) when
possible for an extra layer of security,” he added.
