Back in April, Nintendo confirmed that approximately 160,000 users had their accounts hacked. At the time, the company encouraged people to enable two-factor authentication and emailed individual customers who had been affected that it was resetting their Nintendo Network IDs (NNID). Now, after further investigation, Nintendo says an additional 140,000 accounts have been affected.
In a Japanese statement, Nintendo says that it has already reset the password for the additional 140,000 NNIDs, as well as the Nintendo accounts associated with them. Nintendo also said that it was simultaneously taking additional security measures, but did not specify what those were.
“Less than one per cent of NNIDs globally that were potentially hacked were potentially traded fraudulently via a Nintendo account,” the statement, roughly translated, reads. “We are currently still in the process of refunding customers worldwide [for illegal purchases], but most customers have already been refunded.”
As with the first batch, the potentially exposed leaked data includes things like username, gender, date of birth, location, and email address. Nintendo maintains that no credit card information would have been viewable. It also contends that rather than a direct breach, this may have been an instance exacerbated by users re-using passwords for multiple accounts.
Nintendo was criticised for its initial response to the leaks, with many accusing the company of being slow to respond. Users reportedly began complaining of hacked accounts in mid-March with more and more users complaining by mid-April. However, Nintendo didn’t officially address the issue until April 24, even though the company it said became aware of compromised accounts at the beginning of April. Nintendo also cryptically tweeted that users could enable 2FA on April 9, but did not at that time disclose why it was encouraging users to do so.
Given the additional leaks, it’s a good reminder that you should absolutely take the time to review your password hygiene — even if you didn’t get an email from Nintendo. You can also enable 2FA on your Nintendo account by accessing your account page, and then selecting “2-Step Verification settings” under the “Sign-in and security settings” menu. Nintendo also has a handy guide up on its support page. And for the heck of it, we encourage you for the billionth time to get a password manager, because this nonsense will keep happening so long as people continue to engage in bad security habits.