Cyber Attack cyber

Nintendo

Jun 16, 2020 2 min read
Nintendo

Nintendo confirmed unauthorized modifications to **external servers** by the **Crimson Collective** hacking group, a financially motivated threat actor known for extortion-based attacks. The group claimed to have breached internal systems, sharing an unverified screenshot of directories like *‘nintendo-topics’*. However, Nintendo denied any compromise of **sensitive, personal, or developmental data**, stating no evidence of deeper infiltration into internal networks or customer impact. The incident follows previous cybersecurity challenges, including a **2020 credential stuffing attack** affecting 300,000 accounts and **phishing campaigns** in 2024. While the hackers’ claims suggest potential data access, Nintendo’s response indicates the attack was **limited to external-facing servers**, with no confirmed exfiltration of critical information. The discrepancy between the hackers’ assertions and Nintendo’s denial highlights a trend in **ransomware/extortion tactics**, where adversaries exaggerate breaches to pressure victims. Users were advised to enable **2FA** and monitor accounts for suspicious activity.

Source: https://cyberinsider.com/nintendo-admits-server-tampering-incident-denies-data-breach/

TPRM report: https://www.rankiteo.com/company/nintendo

"id": "nin23102023101725",
"linkid": "nintendo",
"type": "Cyber Attack",
"date": "6/2020",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'none reported',
                        'industry': 'video game development and hardware',
                        'location': 'Kyoto, Japan (global operations)',
                        'name': 'Nintendo Co., Ltd.',
                        'size': 'large (multinational)',
                        'type': 'corporation'}],
 'attack_vector': ['cloud infrastructure compromise', 'extortion-based attack'],
 'customer_advisories': ['No evidence of customer data compromise.',
                         'Recommendations for account security (passwords, '
                         '2FA, monitoring).'],
 'data_breach': {'data_exfiltration': 'unverified (claimed by Crimson '
                                      'Collective, denied by Nintendo)'},
 'date_detected': '2025-10-11',
 'date_publicly_disclosed': '2025-10-11',
 'description': 'Nintendo acknowledged unauthorized modifications to external '
                'servers following claims of a cyberattack by the Crimson '
                'Collective hacking group. The company maintains that no '
                'sensitive data, personal or developmental, was compromised. '
                'The incident was first reported on October 11, 2025, by '
                'cybersecurity firm Hackmanac, which posted evidence '
                '(unverified) of internal Nintendo directories accessed by the '
                'group. Crimson Collective, known for financially motivated '
                'extortion-based attacks, previously breached Red Hat. '
                'Nintendo confirmed alterations to external servers displaying '
                'parts of its website but found no evidence of deeper '
                'infiltration or customer impact.',
 'impact': {'brand_reputation_impact': 'potential (due to public claims and '
                                       'media coverage)',
            'operational_impact': 'limited (no evidence of deeper '
                                  'infiltration)',
            'systems_affected': ['external servers (displaying parts of '
                                 'Nintendo website)']},
 'initial_access_broker': {'high_value_targets': ['cloud infrastructure',
                                                  'external servers']},
 'investigation_status': 'ongoing (Nintendo denies data compromise; hacker '
                         'claims unverified)',
 'motivation': 'financial (extortion)',
 'ransomware': {'data_exfiltration': 'unverified'},
 'recommendations': ['Use unique, long passwords for Nintendo accounts.',
                     'Enable two-factor authentication (2FA).',
                     'Monitor account activity for unusual logins or '
                     'unauthorized purchases.'],
 'references': [{'date_accessed': '2025-10-11',
                 'source': 'Hackmanac (via X/Twitter)',
                 'url': 'https://t.co/kJbN062Yq3'}],
 'response': {'communication_strategy': ['public statement denying data '
                                         'compromise',
                                         'media responses'],
              'containment_measures': ['investigation of unauthorized server '
                                       'modifications'],
              'incident_response_plan_activated': True},
 'threat_actor': 'Crimson Collective',
 'title': "Unauthorized Modifications to Nintendo's External Servers by "
          'Crimson Collective',
 'type': ['unauthorized access',
          'server modification',
          'potential data breach (unverified)']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.