-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
My Nintendo account got hacked and charges were made through Paypal, what do I do?
- Thread starter KoolAid
- Start date
Contact Nintendo support first of all. You'll probably get your account banned if you charge them back.
Also if you used that password anywhere else, update it immediately. Its probably where this "hack" came from.
Also if you used that password anywhere else, update it immediately. Its probably where this "hack" came from.
Contact Nintendo support.
And set up two-factor authentication so it doesn't happen again.
And set up two-factor authentication so it doesn't happen again.
That too.
Don't cancel the payments. Contact Nintendo first.
And absolutely do this too.
Do Nintendo Accounts support 2FA?
Just wondering how they made purchases with your Paypal account since they'd most likely need to log into that as well? Did you share passwords between your Nintendo account and your Paypal account?
I know Nintendo accounts support the Google Authenticator, at least. So, do that.
OP
OP
My paypal account was linked to the Nintendo one, so I guess they could make payments without going through it? I unlinked it now, also unlinked a bunch of networks and activated 2FA. It's midnight now here in Spain but I hope tomorrow I can get an answer
Thanks for the replies everyone - I had no idea 2FA was supported (and I enable whenever I can).
Not too surprising, they're not very vocal about it. IIRC the only place it's mentioned is the account settings when logged into their actual website.
Contact PayPal first of all if they can't cancel them they should be able to sop
Payments being made. Then contact your bank and see if they can cancel they payments.
Once you've done that if you can't recover your nintendo account try contacting there support and letting them know the details.
Payments being made. Then contact your bank and see if they can cancel they payments.
Once you've done that if you can't recover your nintendo account try contacting there support and letting them know the details.
You can also adjust it so that you have to enter the 2FA Code before you can enter the Nintendo eShop.
A friend of mine had the same problem. Then I found another one who helped my friend. Paypal wont do anything. He claims the payments were authorized. Then he sent an email to nintendo support, and without any answer he got refunded by nintendo both charged. They where 130€ and 70€
This literally just happened to me this morning too. I contacted Nintendo Support through their chat line and they're getting it all sorted out for me over the next couple days. I enabled 2FA on both my Nintendo and PayPal accounts, neither of which I knew supported 2FA previously, and changed both passwords.
This is terrible advice and might get him banned from Nintendo and lose all his digital games etc.
First, contact Nintendo.
Paypal and especially the Bank should be treated as a last resort.
When I first entered the Nintendo eShop with 2FA enabled on my Nintendo Account the Nintendo eShop asked me to enter the 2FA Code how it was supposed to, and then there was an option to select if I wanted to enter the 2FA Code everytime before I can enter the Nintendo eShop or not. I selected then that I want to enter the 2FA Code always before it's possible to enter the Nintendo eShop.
If you didn't had 2FA enabled the first time you entered the Nintendo eShop, than you can activate it somewhere in the Nintendo eShop.
Last edited:
To be fair, the Google Authenticator can only be installed on an Android or iPhone device, so it's always going to be on your phone. The encryption verification code is literally the same as sending an SMS text to your phone number, but a bit more secure.
until my phone breaks and its a pain in the ass to decouple it for a new phone.
Unfortunately, sufficiently dedicated jerks out there have figured out ways around SMS-based 2FA (spoofing SIM cards, calling in to phone providers to claim that they're transferring the number to a new phone). Odds are they wouldn't do that for a Nintendo account, but app- and physical-token-based 2FA has an edge on that front.
(Also, sending text messages would cost them money)
There's usually a way to get "backup codes." I take screenshots of all of these and keep them in a separate folder in my Documents folder just in case "my phone breaks."
Google Authenticator codes are compatible with Authy which has a Windows port. Authy also allows you to generate codes on multiple devices which is pretty handy. Google Authenticator only allows a single install so you can get in trouble if you lose your device.
My point of view was from the risk of someone being able to spend more money worst case with nintendo is you could contact them about it should they ban the account.
at the very least you should remove PayPal from said account until you've gotten it secure.
Contact Nintendo to alert them. Then contact PayPal.
And yeah, set up some form of two-factor authorization.
And yeah, set up some form of two-factor authorization.
I honestly thought Nintendo didn't have 2FA options, so thanks for making me aware of this, I flipped it on.
While I'm not the biggest fan of Google Authenticator, I'm already forced to use it for Uplay, so I already have it so whatever. Better than nothing.
While I'm not the biggest fan of Google Authenticator, I'm already forced to use it for Uplay, so I already have it so whatever. Better than nothing.
SMS-based 2FA is insecure and should not be used if there is an alternative.
I believe Authy supports cloud backups which can be transferred to a new device.
Every time you make a purchase, and your default paying method is PayPal, you also have to login to PayPal.
yeah, I just did this and Nintendo gives you backup codes that are only usable once
I must be confusing it with PS4, then. On PSN you have to login every time, and apparently Nintendo should do the same.
Don't really want to reply to a warned post, but these threads are a good reminder for all of us to keep an eye out for this stuff. I in fact like people posting these every so often to remind me.
As others said, contact Nintendo, they'll point you in the right direction and then after all that's done, turn on 2FA. I should really turn it on myself...
Nah if you linked a Paypal to PSN it also goes trough without login to paypal every time. At least for me
Just yesterday I made a purchase with PayPal and it asked me for the login, and it was my default paying method for months.
Maybe through the console itself it doesn't require login? I usually buy from the phone/PC.
Again, make sure to not use the same password across multiple sites. Get a password manager like LastPass, Dashlane, or 1pass. It cannot be stressed enough that if you are hacked once and your accounts share passwords, literally all of those accounts are at major risk of breaches.
There are other apps that can generate OTP without linking it to a specific device. 1Password has it, and I can generate codes from my phone, watch, laptop, work computer, etc.
Google Authenticator is just Google's implementation of the TOTP protocol; anything that supports that will work.
Much more secure than SMS-based authentication too.
Hey OP,
once you are done contacting PayPal and Nintendo, go on this site:
https://haveibeenpwned.com/
Punch in the Email that was linked to the compromised Nintendo account.
If you get a hit, change your password EVERYHWERE.
If you don't get a hit, be careful around your "friends" from now on.
once you are done contacting PayPal and Nintendo, go on this site:
https://haveibeenpwned.com/
Punch in the Email that was linked to the compromised Nintendo account.
If you get a hit, change your password EVERYHWERE.
If you don't get a hit, be careful around your "friends" from now on.
Also, https://twofactorauth.org/ is great to check for sites where you can enable 2FA.
Hope it gets resolved for you, OP!
Hope it gets resolved for you, OP!
Well, there is an open-source OAuth 2.0 app for PC users:
GitHub - winauth/winauth: Authenticator on Windows for Battle.net / Steam / Guild Wars 2 / Glyph / Runescape / SWTOR / Bitcoin and digital currency exchanges
Authenticator on Windows for Battle.net / Steam / Guild Wars 2 / Glyph / Runescape / SWTOR / Bitcoin and digital currency exchanges - winauth/winauth
github.com
I like 2fa that just sends a text to your phone number so that you don't have to worry about back up codes etc
What makes it the least secure? Because someone could steal my phone? My phone number is only one 1 device
Well, it's described in the article I linked in my post:
Here's another article with more information: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/
There are other sources of course, but these came up on top in a quick search.
Also, don't get me wrong, they're definitely better than no 2fa, but given the choice I would never settle for SMS based 2fa.
update: Nintendo refunded my paypal this morning around 11AM EST. Impressive turnaround time of about 24 hours from my initial contact of customer service (on a Sunday no less) to refund. Thank you Nintendo ♥
SMS isn't secure. It's only encrypted part of the way and the encryption it does use is considered broken. And phone numbers can be transferred to another SIM surprisingly easily.
SMS-based 2FA is far better than nothing because it helps prevent opportunistic attacks, but it does very little if you're specifically being targeted.