• Home
  • cyber
  • Nintendo: SHADOWBYT3$ Claims Breach of Nintendo, Alleges Data Theft
cyber Cyber Attack

Nintendo: SHADOWBYT3$ Claims Breach of Nintendo, Alleges Data Theft

Jun 15, 2026 2 min read
Nintendo: SHADOWBYT3$ Claims Breach of Nintendo, Alleges Data Theft

SHADOWBYT3$ Claims Cyberattack on Nintendo via TINYpulse HR Platform

The extortion-as-a-service (EaaS) group SHADOWBYT3$ has publicly claimed responsibility for a cyberattack targeting Nintendo, alleging the theft of 859 MB of sensitive employee data from the company’s use of the HR engagement platform TINYpulse. The breach, disclosed between June 12–13, 2026, includes a $2 million ransom demand, with threats to leak the data if payment is not received.

Unlike typical attacks on gaming infrastructure, SHADOWBYT3$ exploited a third-party SaaS provider TINYpulse to access employee personally identifiable information (PII), financial documents, and internal HR communications. The stolen dataset reportedly includes:

  • Full employee names, email addresses, and IDs
  • Bank statement PDFs and W-9 tax forms
  • Engagement surveys, analytics reports, and progress plans
  • Private employee sentiment data, including workplace discussions and engagement rankings (2016–2026)

The group emphasized that the breach does not impact Nintendo’s gaming operations, affecting only employees who used TINYpulse. After Nintendo declined to engage, SHADOWBYT3$ shifted its demand to TINYpulse, extending the deadline to June 16, 2026, and requesting contact via Telegram or email.

Operating under an EaaS model, the group’s strategy mirrors Ransomware-as-a-Service (RaaS), targeting supply chain vulnerabilities to maximize data exposure while minimizing detection risks. As of publication, neither Nintendo nor TINYpulse has confirmed the breach, leaving the incident unverified with an ESIX© severity score of 5.60. The attack highlights a growing trend of threat actors exploiting SaaS integrations to bypass enterprise defenses.

Source: https://cyberpress.org/shadowbyt3-claims-breach-nintendo/

Nintendo TPRM report: https://www.rankiteo.com/company/nintendo

"id": "nin1781519336",
"linkid": "nintendo",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'Employees using TINYpulse',
                        'industry': 'Gaming',
                        'name': 'Nintendo',
                        'type': 'Corporation'},
                       {'industry': 'Human Resources',
                        'name': 'TINYpulse',
                        'type': 'SaaS Provider'}],
 'attack_vector': 'Third-party SaaS provider (TINYpulse)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['PDF (bank statements, W-9 tax forms)',
                                        'Engagement surveys',
                                        'Analytics reports',
                                        'Progress plans'],
                 'personally_identifiable_information': ['Full employee names',
                                                         'Email addresses',
                                                         'Employee IDs',
                                                         'Workplace '
                                                         'discussions',
                                                         'Engagement rankings'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial documents',
                                              'Internal HR communications']},
 'date_detected': '2026-06-12',
 'date_publicly_disclosed': '2026-06-13',
 'description': 'The extortion-as-a-service (EaaS) group SHADOWBYT3$ has '
                'publicly claimed responsibility for a cyberattack targeting '
                'Nintendo, alleging the theft of 859 MB of sensitive employee '
                'data from the company’s use of the HR engagement platform '
                'TINYpulse. The breach includes personally identifiable '
                'information (PII), financial documents, and internal HR '
                'communications. The group demanded a $2 million ransom and '
                'threatened to leak the data if payment is not received.',
 'impact': {'data_compromised': '859 MB of sensitive employee data',
            'identity_theft_risk': 'High (PII exposed)',
            'operational_impact': 'No impact on Nintendo’s gaming operations',
            'payment_information_risk': 'High (bank statement PDFs and W-9 tax '
                                        'forms exposed)',
            'systems_affected': 'TINYpulse HR platform'},
 'initial_access_broker': {'entry_point': 'TINYpulse HR platform'},
 'investigation_status': 'Unverified',
 'lessons_learned': 'Growing trend of threat actors exploiting SaaS '
                    'integrations to bypass enterprise defenses',
 'motivation': 'Financial gain (ransom demand)',
 'post_incident_analysis': {'root_causes': 'Supply chain vulnerability in SaaS '
                                           'integrations'},
 'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': '$2,000,000'},
 'references': [{'source': 'ESIX© severity score'}],
 'threat_actor': 'SHADOWBYT3$',
 'title': 'SHADOWBYT3$ Claims Cyberattack on Nintendo via TINYpulse HR '
          'Platform',
 'type': 'Extortion-as-a-Service (EaaS)',
 'vulnerability_exploited': 'Supply chain vulnerability in SaaS integrations'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.