Nintendo fixes Wii U network after claims of accidental hack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Just hours after the US launch of Nintendo’s latest game console, the Wii U, a video game fan claims that he accidentally “hacked” into the console’s online component – the Miiverse.

Miiverse

A Wii U user called “Trike” posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins.

"At first it asked me to sign in, because my login information didn't match. Then I pressed a button and it sent me to a list of admins anyway. They had buttons in the same row as the names, and I could "regenerate password" or "Delete Admin" or something along those lines. I didn't do it it because I didn't want to risk getting my god damn Wii U banned on day 1."

Sign up to our free newsletter.
Security news, advice, and tips.

"What should I do with this information? Is there anyway I can contact Nintendo about this directly without going through their customer service email crap? Should I let everyone know how to do it? Am I an idiot and this is already well known somehow? I can post pics, but they are going to have to be shitty cellphone pictures. Unless The Wii U has a built in snapshot thing."

“Trike” accompanied his forum post with a series of snapshots of his next generation console accessing the underbelly of the Miiverse, as proof of the apparent security breach.

Debug menu on Wii U

“Trike” also claimed he could view private messages posted by others, and discovered subforums that appeared to be about upcoming (and, as yet, unannounced) games such as “Yoshi’s Island Wii U”.

Just how much damage a malicious hacker could have done by gaining access to administrator’s menus on the Nintendo Miiverse is unclear, but it’s certain that it shouldn’t be simple for a user to stumble across the network’s inner workings.

Fortunately, the security loophole appears to have now been fixed, and “Trike” pointed to a tweet from Nintendo’s USA wing announcing that they were conducting maintenance on the site.

Is the apparent security snafu damaging to Nintendo? Probably not. They appear to have resolved the issue quickly, and there is no suggestion that sensitive information was stolen from users, unlike last year’s Sony PlayStation network hack where hackers stole the personal data of millions of people.

Of course, that’s no reason for complacency. Nintendo and other companies need to treat security and privacy as a priority, or risk generating headlines that will be harmful to their brands and put their customers at risk.

Hat-tip: NeoGAF via ZDNet.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.