Official reports confirm that hackers accessed thousands of Nintendo accounts in April. On April 24, Nintendo said that 160,000 accounts were affected since the start of the month. The Japanese video game firm has so far resolved the weak points in its security.
Reports of the cybersecurity breaches were evident in the entire month as the users discovered strange account behaviour. Players said that funds got lost mysteriously from their accounts. Some users found illegal purchases of Fortnite’s virtual currency, V-bucks, on their account activity.
It is still unclear how much was stolen from this hack. Nonetheless, it represents a significant security risk. Globally, over 53 million people have Nintendo Switch.
That is not the company’s only console that has online functionality. Further exploitation of the system’s weaknesses could affect millions of users.
How it happened
Hackers breached Nintendo’s systems via a legacy system known as the Nintendo Network ID (NNID). The players used NNIDs to gain access to online content on the Wii U and 3DS that have since been discontinued.
Nintendo maintained support for the NNID system to enable the older players to log into newer consoles similarly.
Nintendo fell short of revealing how the hackers accessed NNIDs but said it did not happen from their services. The hackers gained access to the users’ Nintendo accounts through their NNIDs. The accounts hold information like PayPal credentials and credit card numbers for executing online purchases.
Besides financial data, users’ accounts have sensitive private information. Countries of residence, birthdays, and email addresses feature in the players’ Nintendo profiles.
Nintendo has suspended NNID support in response to that breach. Players now need to use their email addresses to access their Nintendo accounts. Additionally, the company also reset the passwords for the affected users and emailed them about that incident.
The company is also implementing extensive measures to boost security for users. Nintendo has urged players to set up two-step verification for accessing their accounts. The extra step comes in handy for anybody with password-protected accounts or documents since password theft is a common issue in current times.
Nintendo also said that they would enhance their security in the future. They never highlighted the steps that they would implement, but probably they will be testing for more vulnerabilities.
Nintendo is not the first company to fall victim to hackers in this manner. There were over 1,400 data breaches in 2019 alone, which exposed at least 164 million records and documents, according to Statista.com.
Nintendo’s data breach came from an overlookable weakness: legacy systems. Companies are advised to introduce new security measures continually, but they may not cover older parts of the company’s process. Thus, any security upgrade that does not cover legacy hardware and software is incomplete.
Random penetration testing may be needed to discover any gaps in security. Nintendo probably never considered how the NNID system could turn into a vulnerability until the breach happened.
The Nintendo hacking also highlights the necessity for multi-factor authentication. Without such authentication, hackers may only need a password to access your systems.
Companies need to implement ever-adapting cybersecurity measures to protect their data and that of their clients. If Nintendo had taken more well-rounded steps as it expanded its business model, the breach might not have happened.