Gotcha, thanks.
This is very probably the weak link used here. I unlinked my NNID and can't even remember what use it is right now.Check https://accounts.nintendo.com/federation
The credentials of any linked accounts can be used in place of your Nintendo Account credentials. If you have any linked accounts with outdated passwords, I'd suggest updating them or unlinking outright if you don't use the account anymore.
This is very probably the weak link used here. I unlinked my NNID and can't even remember what use it is right now.
Seems so probably because I rarely login through desktop browser only login my account directly on my Switch for eShop. I can only still access the account through Switch since I'm still logged in and doesn't require 2FA codes. But once I log out there I'm screwed so I need to sort this out asap
Yeah pretty sure other online services I seen where if you didn't have 2FA on you there was other methods to get in still think it was Gmail or Steam can't remember, oh well hopefully Nintendo support can help me nowSomething like this almost happened to me. I was on a new phone and needed to sign in, but the Google authenticator app's codes would never validate with the account, so it was impossible to sign in. Fortunately I was still signed in on my desktop and was able to disable 2FA so I could sign in on my phone. Otherwise, it would have been impossible to ever access the account. Why is this something that can happen? So secure you can never access your own account because of faulty tech? That sucks.
This is very probably the weak link used here. I unlinked my NNID and can't even remember what use it is right now.
Yeah, someone from Russia signed into my account on April 3rd. I had 2fa already so they couldn't do anything and the password was unique. Not sure why Nintendo hasn't said anything.
No cloud backup. Lose your phone or the app and lose your codes.Curious as to why are people recommending against Google Auth. Is there any known issues with it? Ive been using it for awhile now so all this talk has me a bit concerned.
They have to alert impacted users within a certain time period under gdpr. What Sony did isn't relevant as gdpr wasn't a thing.i'm sure they're contacting the right authorities but I suspect Nintendo is gonna stay relatively quiet about how this is going as they work behind the scenes to fix it unless the compromised numbers are too high to ignore. Hell, Sony took a week before admitting to their breach back in 2011, and that number was in the millions.
2FA via text is insecure as soon as the attacker can obtain your phone number, which can be done in a myriad of ways once they have enough info. 2FA via text is mostly used as an excuse to get you to provide your phone number and not about security at all.
The card details are saved only on the Switch hardware, not stored online anywhere, so that only protects you from someone physically holding your Switch, or you buying crazy games while drunk.Nothing weird with my account but turned on 2FA anyway. Does not saving card details on my Switch do anything to protect myself?
- Credit card information stored on your Nintendo Account can also be used for off-device purchases.
Did you check to see what other services were linked to your account, since those can be used to bypass Nintendo sign-in? Making Nintendo secure doesn't help if it's linked to a service where you are using an old password and no 2FA, like maybe Facebook or the Nintendo Network ID (from 3DS/Wii U)Last week I got a message that someone in the US logged into my account (I'm from Belgium) so I changed it to a new random generated password from Lastpass. 6 hours later I got a message that someone logged into my account in China with the new password.
Changed my password again and enabled 2FA but my guess is that there was some kind of security breach with Nintendo.
How do I even access the nnid online?Also, Linking your NNID to your Nintendo Account means you share Eshop balances across both of them.
EDIT: Could we have a modpost or edit the OP with a guide on what you should to to protect yourself? So far I'm seeing:
- Enable 2FA for Nintendo Account
- Change Nintendo Account password
- Change NNID password (Maybe wait a bit because there could be an active breach? IDK)
Which is cool because my bank, BOA, doesn't have anything but 2 factor via SMS.2FA via text is insecure as soon as the attacker can obtain your phone number, which can be done in a myriad of ways once they have enough info. 2FA via text is mostly used as an excuse to get you to provide your phone number and not about security at all.
Hold on. Do you actually need a 3DS to change an old Nintendo network account password? It would make this a very serious issue because most people are going to have an old password on that account and it would work as a log-in method to the new Nintendo Switch account.I had a problem with my account a few days ago.
This was the culprit for me.
I had to bust my old 3ds out to change my nintendo network ID password, since i believe it's the only way to do so.
I'm guessing a ton of people have hella old username/passwords for their NNIDs (with passwords leaked from other sites) and hackers are brute forcing these accounts.
No attempts to log into my Nintendo Account aside from my own. I do NOT have my NNID linked.Hold on. Do you actually need a 3DS to change an old Nintendo network account password? It would make this a very serious issue because most people are going to have an old password on that account and it would work as a log-in method to the new Nintendo Switch account.
Has anyone here had their account broken into WITHOUT a Nintendo Network account linked?
Hold on. Do you actually need a 3DS to change an old Nintendo network account password? It would make this a very serious issue because most people are going to have an old password on that account and it would work as a log-in method to the new Nintendo Switch account.
Has anyone here had their account broken into WITHOUT a Nintendo Network account linked?
Nintendo will send you an email letting you know there was a New Sign-in and where the sign-in was from.how do you know someone access your account from other country ?, nintendo sent you email warning ?
how do you know someone access your account from other country ?, nintendo sent you email warning ?
You can use any OTP app, Google Authenticator is just one implementation. I use andOTP. Consider not using 2FA via your phonenumber - it can easily be spoofed and 2FA codes can be stolen.Is the only way to set up 2FA with Nintendo via this Google authenticator app? I'd much rather use my phone #instead.