cyber Cyber Attack

Nintendo

May 11, 2023 1 min read
Nintendo

Video gaming firm Nintendo warned its customers to not reuse passwords on different services after releasing an increased tally of compromised accounts.

Back in April the firm first reported that it had identified 160,000 compromised accounts. Now, in an update, following an investigation by the firm, Nintendo revealed that it was adding an extra 160,000 – bringing the total to 300,000.

The hackers were able to gain access to the accounts because they used the simple technique of using credentials that had previously been exposed through other data breaches.

Whoever compromised the Nintendo Network ID (NNID) accounts would have been able to access personal information such as email addresses, genders, nicknames, regions or countries, and dates of birth, but not customers’ payment card details.

Source: https://grahamcluley.com/nintendo-300000-accounts-have-been-hacked/

TPRM report: https://scoringcyber.rankiteo.com/company/nintendo

"id": "nin2136123",
"linkid": "nintendo",
"type": "Data Leak",
"date": "06/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': '300,000',
                        'industry': 'Video Gaming',
                        'location': 'Global',
                        'name': 'Nintendo',
                        'size': 'Large',
                        'type': 'Company'}],
 'attack_vector': 'Credential Stuffing',
 'customer_advisories': 'Public Advisory',
 'data_breach': {'number_of_records_exposed': '300,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Email addresses',
                                              'Genders',
                                              'Nicknames',
                                              'Regions or countries',
                                              'Dates of birth']},
 'date_detected': 'April 2020',
 'date_publicly_disclosed': 'April 2020',
 'description': 'Nintendo warned its customers not to reuse passwords after '
                'identifying 300,000 compromised accounts. Hackers used '
                'credentials from previous data breaches to gain access to '
                'personal information.',
 'impact': {'brand_reputation_impact': 'Moderate',
            'data_compromised': ['Email addresses',
                                 'Genders',
                                 'Nicknames',
                                 'Regions or countries',
                                 'Dates of birth'],
            'identity_theft_risk': 'Moderate',
            'payment_information_risk': 'None'},
 'initial_access_broker': {'entry_point': 'Credential Stuffing'},
 'investigation_status': 'Completed',
 'lessons_learned': 'Users should not reuse passwords across different '
                    'services.',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': 'Customer Advisory to not '
                                                  'reuse passwords',
                            'root_causes': 'Reused Passwords'},
 'recommendations': 'Implement stronger password policies and multi-factor '
                    'authentication.',
 'response': {'communication_strategy': 'Customer Advisory'},
 'title': 'Nintendo Account Compromise',
 'type': 'Account Compromise',
 'vulnerability_exploited': 'Reused Passwords'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.