Nintendo says as many as 300,000 customer accounts were compromised in April, more than twice as many as originally reported by the company. The statement, issued Tuesday in Japanese, says that the massive breach was likely the result of customers using the same password in multiple places online. The announcement raises the number of accounts effected by 160,000.
This batch of Nintendo customer accounts was a ripe target for criminals. At least one Polygon staffer was impacted, and only noticed the breach after dozens of PayPal transactions for Fortnite currency began posting to their personal credit card. Account nicknames, dates of birth, country/region, email address, and gender information were all exposed in the breach.
Days after customers began reporting issues, Nintendo took the drastic step of disabling the ability to log into a Nintendo Account using a Nintendo Network ID (NNID) at all. The system has since been brought back online. In Tuesday’s statement, Nintendo says it is contacting the additional 140,000 affected users by email.
Everyone with a Nintendo account — or any online account, for that matter — is encouraged to use a strong password and to change it regularly. Nintendo also offers two-factor authentication. Instructions for how to set it up are available on the support page.
Vox Media has affiliate partnerships. These do not influence editorial content, though Vox Media may earn commissions for products purchased via affiliate links. For more information, see our ethics policy.