It’s a perfect time for people to compromise accounts
[Update: Nintendo has provided a statement to VGC regarding the surge in unauthorized logins, and has acknowledged the situation directly, stating: “We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation. In the meantime, we recommend that users enable two-step verification for their Nintendo Account as instructed here. If any users become aware of unauthorized activity, we encourage them to take the steps outlined [here] or visit [here] for general support.]
[Update #2: Nintendo confirmed on their official site this week that “160,000” additional accounts have been compromised to date. This is on top of the 140,000 figure previously provided. Please follow the below instructions to ensure your account is secure. Nintendo reports that “less than 1%” of accounts have been impacted, and that account password resets and refunds are already underway.]
It’s a crazy time right now, and it can be really tough to find a Switch if you don’t have one already. As it turns out, it can also be tough to keep your current Switch secure.
As of this past week, several folks have been reporting unauthorized access to their Switch accounts. Eurogamer reports that one of their staff members have been impacted, and I can confirm that a Destructoid staff member has received an unauthorized login as well.
As usual, it’s recommended that you do not attach a saved payment method to your account (some users reported that they had money stolen during the aforementioned logins, with lots of activity centering around Fortnite), and enable 2-factor authentication. If you’re not familiar with the concept, 2-factor authentication is essentially a second way to ensure secure logins, typically via SMS text (Nintendo uses Google Authenticator presently). I also recommend that you log into your Switch account online and select the option to log off every device as soon as possible just in case.
Without confirming a potential data breach or specifically mentioning the increase in account hacks, Nintendo nonchalantly reminded Switch users to enable 2-step verification earlier this month. You can find those instructions here and below. Do it! Even folks with unique and complex passwords are reporting unauthorized logins.
You can help secure your Nintendo Account by enabling 2-Step Verification.
— Nintendo of America (@NintendoAmerica) April 9, 2020
How to enable 2-factor authentication for a Nintendo account:
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings.
- Click Send email to have a verification code sent to the email address on file. If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device. This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe. A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE. You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK. Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.