Hackers launch month-long attack on Nintendo, break into 24,000 game players’ accounts

Nintendo, the veteran games console maker, has admitted that hackers bombarded its Club Nintendo website with 15.46 million bogus login attempts between 9 June and 2 July 2013.

The attack, which resulted in 23,926 accounts being successfully accessed by the cybercriminals and personal information exposed, does not appear to have relied upon a security flaw in Nintendo’s site. Instead the security breach appears to have been achieved by a rudimentary brute-force attack – perhaps because users were using poorly-chosen passwords or were using passwords that have been used on previously hacked websites.

Fortunately, as in the recent attack against Ubisoft, the financial information of customers was not compromised. However, personal information such as names, addresses and phone numbers of Nintendo fans has been exposed.

What’s the point of breaking into accounts on a site like Club Nintendo?

Well, not only could you potentially harvest yourself a database of names and email contact details for games players (which could later be used for socially-engineered phishing and malware campaigns), but these sites also incorporate loyalty card points systems which can be used in exchange for games-related merchandise.

The Register reports that Nintendo has reset the passwords of affected users, but victims would be wise to check that they are also not using the same password elsewhere.

What is perhaps most alarming is the length of time that the Club Nintendo website was being bombarded by attempts to break into customer accounts. It’s hard to imagine that a sustained attack like that could have gone unnoticed for nearly one month and suggests poor stewardship by Nintendo’s security team.
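A sustained wave of failed logins like the one described above leaves a clear shape in authentication logs. The sketch below is an added example, not code from the article or from Nintendo: the log format, the thresholds and the sample events are all constructed assumptions. It flags both a single source walking through many accounts and a day whose site-wide failure ratio jumps even though every individual source stays quiet.

```python
from collections import defaultdict

def parse(line):
    """Parse 'YYYY-MM-DDTHH:MM:SS ip user OK|FAIL' (assumed format)."""
    ts, ip, user, result = line.split()
    return ts[:10], ip, user, result == "OK"

def detect(lines, min_accounts=20, max_success=0.05,
           baseline_fail=0.2, factor=3.0):
    """Return (noisy_sources, noisy_days); all thresholds are assumptions.

    noisy_sources: (day, ip) pairs that tried many distinct accounts with
    almost no successes, unlike one user retrying their own password.
    noisy_days: days whose failure ratio is at least baseline_fail * factor,
    which still fires when the guesses are spread across many addresses.
    """
    per_src = defaultdict(lambda: {"users": set(), "ok": 0, "n": 0})
    per_day = defaultdict(lambda: [0, 0])  # day -> [failures, total]
    for line in lines:
        day, ip, user, ok = parse(line)
        src = per_src[(day, ip)]
        src["users"].add(user)
        src["ok"] += ok
        src["n"] += 1
        per_day[day][0] += not ok
        per_day[day][1] += 1
    sources = sorted(k for k, s in per_src.items()
                     if len(s["users"]) >= min_accounts
                     and s["ok"] / s["n"] <= max_success)
    days = sorted(d for d, (fails, total) in per_day.items()
                  if fails / total >= baseline_fail * factor)
    return sources, days

def sample_log():
    """Constructed events: a normal day, a single-source day, a spread-out day."""
    log = []
    for i in range(100):  # normal traffic, 10% mistyped passwords
        res = "FAIL" if i % 10 == 0 else "OK"
        log.append(f"2013-06-08T10:00:00 192.0.2.{i} user{i} {res}")
    for i in range(100):  # one address tries 100 accounts, one hit
        res = "OK" if i == 42 else "FAIL"
        log.append(f"2013-06-09T03:00:00 198.51.100.7 user{i} {res}")
    for i in range(200):  # 200 addresses, one failed guess each
        log.append(f"2013-06-10T03:00:00 203.0.113.{i} user{i} FAIL")
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```

The per-source rule alone misses the third day, which is why the site-wide ratio is tracked separately.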

It’s the latest in a long line of bad news for Nintendo, which is suffering from poor sales of its Wii U console and appears to be losing momentum in the video games market against the likes of the Microsoft XBOX and the far less pricey casual games available for the Apple iTouch, iPhone and iPad.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
