Nintendo warns 300,000 accounts have been hacked since early April

Stop reusing passwords, and enable two-step verification.

Nintendo admits 300,000 accounts have been hacked since early April
Video gaming firm Nintendo has warned customers to not reuse passwords on different services after releasing an increased tally of compromised accounts.

Back in April the firm first reported that it had identified 160,000 compromised accounts. Now, in an update, following an investigation by the firm, Nintendo revealed that it was adding an extra 160,000 – bringing the total to 300,000.

It seems the hackers were able to gain access to the accounts because they used the simple technique of using credentials that had previously been exposed through other data breaches.

That’s why it’s so important not to use the same password on your Nintendo account as your LinkedIn account, or Myspace account, or Zynga account… or indeed any other online account.

In short, this wouldn’t be fair to describe as a failing on Nintendo’s part. The problem lies with users who have made the mistake of not following password best practices.

According to the company, whoever compromised the Nintendo Network ID (NNID) accounts would have been able to access personal information such as email addresses, genders, nickname, region or country, and dates of birth, but not customers’ payment card details.

Sign up to our free newsletter.
Security news, advice, and tips.

NNID accounts were introduced with the Wii U and Nintendo 3DS, but later migrated to Nintendo accounts so that they could be used to make purchases from the company’s online store.

Nintendo say it is in the process of refunding affected customers, said to number less than 1% of all NNID accounts in existence.

In addition, Nintendo has announced that it will no longer allow users to log into a Nintendo account via NNID.

My advice? You should never reuse passwords on the internet.

Instead, use a password manager that generates long, complex, and unique passwords for you… and then stores them securely.

Oh, and also enable two-step verification on your Nintendo account.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Nintendo warns 300,000 accounts have been hacked since early April”

  1. Trevor

    I use a different DOB on every non financial site and then record that date in my password manager (keepass).
    It is nothing more than an "ID Check" for authentication checks anyway. Not much different than you mothers' maiden name.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.