clock menu more-arrow no yes mobile

Filed under:

Nintendo reports 300,000 customer accounts were illegally accessed in April

Tuesday’s announcement raises the number by 160,000

If you buy something from a Polygon link, Vox Media may earn a commission. See our ethics statement.

Super Mario Odyssey - shocked Mario Image: Nintendo EPD/Nintendo

Nintendo says as many as 300,000 customer accounts were compromised in April, more than twice as many as originally reported by the company. The statement, issued Tuesday in Japanese, says that the massive breach was likely the result of customers using the same password in multiple places online. The announcement raises the number of accounts effected by 160,000.

This batch of Nintendo customer accounts was a ripe target for criminals. At least one Polygon staffer was impacted, and only noticed the breach after dozens of PayPal transactions for Fortnite currency began posting to their personal credit card. Account nicknames, dates of birth, country/region, email address, and gender information were all exposed in the breach.

Days after customers began reporting issues, Nintendo took the drastic step of disabling the ability to log into a Nintendo Account using a Nintendo Network ID (NNID) at all. The system has since been brought back online. In Tuesday’s statement, Nintendo says it is contacting the additional 140,000 affected users by email.

Everyone with a Nintendo account — or any online account, for that matter — is encouraged to use a strong password and to change it regularly. Nintendo also offers two-factor authentication. Instructions for how to set it up are available on the support page.

Vox Media has affiliate partnerships. These do not influence editorial content, though Vox Media may earn commissions for products purchased via affiliate links. For more information, see our ethics policy.

Sign up for the newsletter Sign up for Patch Notes

A weekly roundup of the best things from Polygon