Enable two-factor authentication, reset your passwords
In case you haven’t noticed, there’s been a saga unfolding over the past few weeks regarding the sanctity of pretty much everyone’s Nintendo/Switch Online accounts.
Slowly but surely, folks have been reporting unauthorized access to their accounts, either via straight logins, or other chicanery like extraneous purchase activity. After an investigation, Nintendo acknowledged the situation a few days ago, but now thanks to an official statement from their Japanese arm, we have a clear idea of what’s happening. In short, more than 160,000 accounts have been compromised. Here’s the rub.
Obviously, your account could have been included in that batch, and you likely already got a notification that someone has logged into your account. Log in now, click the “log out all devices” option, reset your password, and enable two-factor authentication. If anyone purchased items without your knowledge, you can contact Nintendo to get those purchases canceled. Also consider just dropping a saved payment option from your account entirely.
To verify if anyone used your account, check your login history within the Nintendo account interface. It’s under “Sign-in and security settings.” Clicking the link to check your sign-in history is also the means in which you can sign out on all devices. If you didn’t get a notification and seemingly aren’t impacted: change your password so that it’s unique to your Nintendo account and enable two-factor authentication anyway.
So what was accessed? Thanks to a translation from Twitter user Robert Sephazon, we have a clearer idea. Nintendo notes that “private information that may have been accessed by a third party” includes your nickname, date of birth, country/region and email address (as well as your full name and gender in some cases, if they accessed your Nintendo account rather than just your ID). No credit card information was released as part of the breach, according to Nintendo. You can find a UK statement on the situation here.
The date of birth and email address leaks are really what’s troubling here. If you aren’t familiar with the term “phishing” or the practice of “social engineering,” it’s very easy to gain access to a number of other accounts from a single mark once that information has been obtained. If you were impacted, consider using a unique email for your Nintendo account, or other major accounts you have access to as needed. It’s a little annoying without a password tool to keep track of it all, but it could save your bacon.
Good luck out there! The internet can be a dangerous place, so protect yourself as best you can.