Hackers launch month-long attack on Nintendo, break into 24,000 game players’ accounts

Nintendo, the veteran games console maker, has admitted that hackers bombarded its Club Nintendo website with 15.46 million bogus login attempts between 9 June and 2 July 2013.

The attack, which resulted in 23,926 accounts being successfully accessed by the cybercriminals and personal information exposed, does not appear to have relied upon a security flaw in Nintendo’s site. Instead the security breach appears to have been achieved by a rudimentary brute-force attack – perhaps because users were using poorly-chosen passwords or were using passwords that have been used on previously hacked websites.

Fortunately, as in the recent attack against Ubisoft, the financial information of customers was not compromised. However, personal information such as the names, addresses and phone numbers of Nintendo fans has been exposed.

What’s the point of breaking into accounts on a site like Club Nintendo?

Well, not only could you potentially harvest yourself a database of names and email contact details for games players (which could later be used for socially-engineered phishing and malware campaigns), but these sites also incorporate loyalty card points systems which can be used in exchange for games-related merchandise.

The Register reports that Nintendo has reset the passwords of affected users, but victims would be wise to check that they are also not using the same password elsewhere.

What is perhaps most alarming is the length of time that the Club Nintendo website was being bombarded by attempts to break into customer accounts. It’s hard to imagine that a sustained attack like that could have gone unnoticed for nearly one month and suggests poor stewardship by Nintendo’s security team.
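
The kind of login monitoring that would surface a campaign like this within an hour rather than a month, as an added example (not code from the article or from Nintendo). The log line format, thresholds and function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime

def build_sample_log():
    """Constructed log lines: 'timestamp source account result'."""
    lines = [f"2013-06-09T10:{i:02d}:00 198.51.100.{i + 1} user{i} OK" for i in range(20)]
    lines.append("2013-06-09T10:05:30 198.51.100.3 user2 FAIL")  # ordinary mistyped password
    # One source walking through many accounts, one guess each, one hit.
    for i in range(60):
        result = "OK" if i == 37 else "FAIL"
        lines.append(f"2013-06-09T10:{i:02d}:10 203.0.113.7 victim{i} {result}")
    return lines

def parse(line):
    ts, source, account, result = line.split()
    hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
    return hour, source, account, result == "OK"

def detect_stuffing(lines, min_accounts=25, max_success_ratio=0.05):
    """Flag (hour, source) pairs that try many distinct accounts and almost always fail."""
    stats = defaultdict(lambda: {"tried": set(), "hit": set()})
    for line in lines:
        hour, source, account, ok = parse(line)
        s = stats[(hour, source)]
        s["tried"].add(account)
        if ok:
            s["hit"].add(account)
    alerts = []
    for (hour, source), s in sorted(stats.items()):
        ratio = len(s["hit"]) / len(s["tried"])
        if len(s["tried"]) >= min_accounts and ratio <= max_success_ratio:
            alerts.append({"hour": hour.isoformat(), "source": source,
                           "accounts_tried": len(s["tried"]),
                           "reset_passwords_for": sorted(s["hit"])})
    return alerts

def sitewide_failure_ratio(lines):
    """Failed share of all logins per hour; catches attacks spread over many sources."""
    totals = defaultdict(lambda: [0, 0])  # hour -> [failures, attempts]
    for line in lines:
        hour, _, _, ok = parse(line)
        totals[hour][0] += 0 if ok else 1
        totals[hour][1] += 1
    return {h.isoformat(): fails / n for h, (fails, n) in totals.items()}

if __name__ == "__main__":
    log = build_sample_log()
    print(detect_stuffing(log))
    print(sitewide_failure_ratio(log))
```

The per-source check names the accounts that were successfully accessed and need a password reset; the site-wide ratio is the fallback when attempts are spread thinly across many sources.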

It’s the latest in a long line of bad news for Nintendo, which is suffering from poor sales of its Wii U console and appears to be losing momentum in the video games market against the likes of the Microsoft XBOX and the far less pricey casual games available for the Apple iTouch, iPhone and iPad.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.