-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
There might be a security breach with Nintendo Accounts. Change your password, check your logins, and enable 2FA.
- Thread starter Orb
- Start date
A Chrome extension for the Google Auth.
chrome.google.com
Authenticator
Authenticator generates two-factor authentication codes in your browser.
chrome.google.com
This is very probably the weak link used here. I unlinked my NNID and can't even remember what use it is right now.
Me neither. The difference between Nintendo Account and Nintendo Network ID has never been clear to me.
Seems so probably because I rarely login through desktop browser only login my account directly on my Switch for eShop. I can only still access the account through Switch since I'm still logged in and doesn't require 2FA codes. But once I log out there I'm screwed so I need to sort this out asap
Yeah pretty sure other online services I seen where if you didn't have 2FA on you there was other methods to get in still think it was Gmail or Steam can't remember, oh well hopefully Nintendo support can help me now
I've enabled mine long ago, but how critical is using Authy over Google Authentication?
WTF Epic was there despite me never touching Fortnite.
WTF Epic was there despite me never touching Fortnite.
Yeah, someone from Russia signed into my account on April 3rd. I had 2fa already so they couldn't do anything and the password was unique. Not sure why Nintendo hasn't said anything.
This is unusual, and you used a unique password.
Also, Linking your NNID to your Nintendo Account means you share Eshop balances across both of them.
EDIT: Could we have a modpost or edit the OP with a guide on what you should to to protect yourself? So far I'm seeing:
EDIT: Could we have a modpost or edit the OP with a guide on what you should to to protect yourself? So far I'm seeing:
- Enable 2FA for Nintendo Account
- Change Nintendo Account password
- Change NNID password (Maybe wait a bit because there could be an active breach? IDK)
Last edited:
No cloud backup. Lose your phone or the app and lose your codes.
Changed my password but I'm having trouble activating 2FA. Not getting any vertification emails so I added @accounts.nintendo.com to my safe senders list but I'm still not getting anything. I think I should just wait a hour or two but I would appreciate if anyone knows what the problem may be.
They have to alert impacted users within a certain time period under gdpr. What Sony did isn't relevant as gdpr wasn't a thing.
Nothing weird with my account but turned on 2FA anyway. Does not saving card details on my Switch do anything to protect myself?
2FA via text is insecure as soon as the attacker can obtain your phone number, which can be done in a myriad of ways once they have enough info. 2FA via text is mostly used as an excuse to get you to provide your phone number and not about security at all.
The card details are saved only on the Switch hardware, not stored online anywhere, so that only protects you from someone physically holding your Switch, or you buying crazy games while drunk.
edit: wow, I was totally wrong. I wonder which service I was thinking of...
Nintendo Support: Can I Store Credit Card Information on the Nintendo Switch eShop?
en-americas-support.nintendo.com
Last week I got a message that someone in the US logged into my account (I'm from Belgium) so I changed it to a new random generated password from Lastpass. 6 hours later I got a message that someone logged into my account in China with the new password.
Changed my password again and enabled 2FA but my guess is that there was some kind of security breach with Nintendo.
Changed my password again and enabled 2FA but my guess is that there was some kind of security breach with Nintendo.
Did you check to see what other services were linked to your account, since those can be used to bypass Nintendo sign-in? Making Nintendo secure doesn't help if it's linked to a service where you are using an old password and no 2FA, like maybe Facebook or the Nintendo Network ID (from 3DS/Wii U)
Last edited:
Last week I had somebody access my Nintendo account from Columbia and used my PayPal to buy £79.99 worth of vbucks on Fortnite. My password was unique to Nintendo however I did not have 2 step authentication on as I did not see this was an option. I have given all of these details to Nintendo and I'm waiting on them looking into this for me. Hopefully the money is refunded if they can see that I've never played Fortnite on the console. Shitty situation though.
Which is cool because my bank, BOA, doesn't have anything but 2 factor via SMS.
Happen to me last week. $200 was spent on a switch lite in India on Fortnite V-Bucks. Luckily Nintendo customer service was really nice and I got the money back in about 5 business days. Btw I don't own a switch lite or Fortnite. I also live in Los Angeles. Oh and PayPal was awful. I knew it had to be a hack on Nintendo's side. Op is spot on. Make sure to change all your passwords.
Last edited:
Hold on. Do you actually need a 3DS to change an old Nintendo network account password? It would make this a very serious issue because most people are going to have an old password on that account and it would work as a log-in method to the new Nintendo Switch account.I had a problem with my account a few days ago.
This was the culprit for me.
I had to bust my old 3ds out to change my nintendo network ID password, since i believe it's the only way to do so.
I'm guessing a ton of people have hella old username/passwords for their NNIDs (with passwords leaked from other sites) and hackers are brute forcing these accounts.
Has anyone here had their account broken into WITHOUT a Nintendo Network account linked?
No attempts to log into my Nintendo Account aside from my own. I do NOT have my NNID linked.
I haven't had any suspicious logins using my account, but I did go ahead and set up 2FA just to be safe.
Nintendo will send you an email letting you know there was a New Sign-in and where the sign-in was from.
Yeah you'll get an email, it's an automated thing. I got an email earlier this morning saying my account was logged in from USA (I live in UK). I've changed all my stuff and don't see anything, no activity on the account, no purchases and nothing on my bank yet either. But logging into the Nintendo account website it doesn't really seem to give a lot of info to be fair? Pretty much most of it is obscured and don't have a linked paypal account so I should be fine.
I had 2FA activated and didn't have any security break in my account.
However, I realised I didn't have it on my PS account and went there to activate it just to realize I only have the option to do 2FA through SMS message... really Sony?!
However, I realised I didn't have it on my PS account and went there to activate it just to realize I only have the option to do 2FA through SMS message... really Sony?!
You can use any OTP app, Google Authenticator is just one implementation. I use andOTP. Consider not using 2FA via your phonenumber - it can easily be spoofed and 2FA codes can be stolen.
Didn't get any login attempts,have 2FA enabled and complex password and no linked account,hope I'm good. I highly recommend to avoid linked accounts as a practice btw.
