-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
There might be a security breach with Nintendo Accounts. Change your password, check your logins, and enable 2FA.
- Thread starter Orb
- Start date
The only thing is use back-up codes, or call Nintendo. I was lucky that I had back-up codes reserved, otherwise, I was going to be locked out. That experience certainly made me never want to look back at google auth.
It's on r/nintendoswitch as a PSA regarding log-in activity
Did even know Nintendo had 2FA, so at least I have that turned on now!
Didn't have any breach as far as I can tell on my account, but I changed my password just in case.
Didn't have any breach as far as I can tell on my account, but I changed my password just in case.
From what I can tell, you can't change the password without access to a 3DS or Wii U.
I took my card details off then set it to take from the stored Eshop funds.
I've enabled 2-step verification on my Nintendo Account. I've seen no suspicious activity, but I still got that recommended layer of security nevertheless. I also unlinked a few accounts, including my NNID.
Should I be safe from this breach now? Or, at the very least, not as vulnerable to it as I once was?
Should I be safe from this breach now? Or, at the very least, not as vulnerable to it as I once was?
Done pretty much everything you can, and you will be a lot more secure with 2FA enabled
Okay.
Based on what I've read from people that got hacked, a lot of them noticed that the login attempts on their accounts stopped happening once 2FA was enabled, so that seems to be the number one thing you can do to avoid this breach.
Had 2 unauthorized logins since I didn't have 2FA on the account (purely because it's been ages and ages since I used it). Have since enabled 2FA on the account and used the signout all currently logged in sessions.
There definitely seems to be a Nintendo Security issue though.
There definitely seems to be a Nintendo Security issue though.
So long as they have a good 2FA implementation, no one is getting to your account without your phone. Wish more places would implement app-based 2FA. Netflix, banks, etc.
Seeing how this seems to be a very common issue right now, and no one has shown that they were phished, it either means there's a security exploit to login without knowing someone's password, or someone got a lot of passwords somehow from Nintendo's own database.
I'm pretty sure it's a violation for Nintendo to not disclose information soon, because this isn't a simple "LOL, your password was passw0rd" issue.
And that seems to help, but the problem is they DON'T have a good security implementation.
I'm pretty sure it's a violation for Nintendo to not disclose information soon, because this isn't a simple "LOL, your password was passw0rd" issue.
And that seems to help, but the problem is they DON'T have a good security implementation.
Still kinda crazy to me that Netflix doesn't have any solution for account security besides "you should have a good enough password".
That's good to hear.
I'm still nervous about this breach, but not as much as I was prior to getting 2FA.
That's crazy.
I'm not an expert, but aren't there too many reports to not be a security breach? I'd love some more info from Ninteno tbh.
Who are we talking about here, Nintendo? 2FA that's compatible with Google Authenticator is about as as good as it gets. You know, so long as the site actually enforces 2FA on all newly-detected logins.
Changed my email and password on my NNID as well, just in case.
I don't know if the following is of any use for correlating information, but my account hasn't been compromised, and my Switch account has also never been linked to my Nintendo Network ID. (I checked my 3DS, and while I can't tell if someone has accessed my NNID, there's been nothing different in my activity history. I suppose there isn't much one could do with $3.30 credit anyway.)
I only use that password for Nintendo. Seems like a data breach to me.
Still looking for two people to water some flowers for me. Kidd is also giving out ironwood cart DIYs as well (you don't need to water anything and can just come get the DIY if you want).
So far, no suspicious activity on my account, I have 2FA and NNID linked to it, never played Fortnite on Switch or other games that hackers would want to benefit from.
I've been paranoid about getting my account stolen since several years ago so I never store sensible information, even on my very old and unused Paypal (which I unlinked after the promotion), I would feel very awful if my account kept getting accessed.
I do remember my Epic Game account getting tons of failed logins email spam 2/3 years ago ->
https://www.resetera.com/threads/an...mpted-log-ins-on-your-fortnite-account.48497/
I wouldn't even be surprised if this issue is about Fortnite again, similar to PS4 players getting hacked for FIFA.
I've been paranoid about getting my account stolen since several years ago so I never store sensible information, even on my very old and unused Paypal (which I unlinked after the promotion), I would feel very awful if my account kept getting accessed.
I do remember my Epic Game account getting tons of failed logins email spam 2/3 years ago ->
https://www.resetera.com/threads/an...mpted-log-ins-on-your-fortnite-account.48497/
I wouldn't even be surprised if this issue is about Fortnite again, similar to PS4 players getting hacked for FIFA.
I see a lot of questions asking about NNID, but to be clear, that was 3DS/Wii U era Nintendo ID.
With the Switch it's called the 'Nintendo Account' which you can link your NNID to. Most people who got a Switch did to merge their eshop funds into the Switch account.
So if you linked your NNID to your Nintendo Account, your Nintendo Account is the primary account
With the Switch it's called the 'Nintendo Account' which you can link your NNID to. Most people who got a Switch did to merge their eshop funds into the Switch account.
So if you linked your NNID to your Nintendo Account, your Nintendo Account is the primary account
Last edited:
Ars Technica has a story about this: https://arstechnica.com/gaming/2020/04/nintendo-accounts-are-getting-hijacked-including-one-of-ours/
Finally figured out what they did with my account. Someone in the UK logged in, made their system the primary, downloaded a bunch of games and then disconnected their system from the internet.
It's definitely not a breach, I saw those forums and groups. They are "cracking" accounts using "configs", "combos" and proxies. Nintendo accounts with games are being sold for really cheap, like $1 per game. Some people are also doing it because of Fortnite.
Just make sure to enable 2fa, unlink other accounts and nnid.
Just make sure to enable 2fa, unlink other accounts and nnid.
Forgive me for asking, but what are configs, combos and proxies in terms of cracking accounts?
Same but it was good to be reminded about the alternative log in/connected accounts. I'll try and figure out my nnid situation tomorrow but it's not linked to my account now.
Just realized I didn't have 2FA on PayPal. Yikes!
When I have time, I'm going to have to sit down and make sure all my accounts are secure.
When I have time, I'm going to have to sit down and make sure all my accounts are secure.
It's still way more secure than a text message. Also if you don't like Google Authenticator you can use Authy.
Could you actually explain the things you just said? I don't understand.
That worked thank you.
Still none of this has been picked up or mentioned by Nintendo of issues or Epic, I only mention the latter because many have said that accounts that have been affected had funds spent on V-bucks.
Is there anything we can do?
Because at the end of the day all of us are gamer's and we all have that in common even if one is a Call of Duty player and the other is a Battlefield player etc, the gaming is getting bigger and bigger and the industry have their powerful hands to deal and the ESRB and PEGI etc are sort of a halfway house, but us as gamer's need to have some sort of voice, hacked (they must be because nobody is going to voluntarily sell) Xbox and PSN accounts are for sale on the likes of eBay, there are many issues and debating on sites like this isn't going to get anywhere really.
BBC reporting, but still nothing official from Nintendo
Nintendo owners urged to secure accounts
Switch owners report an apparent surge in attempts to buy expensive items through Nintendo accounts.
www.bbc.co.uk
Nintendo is investigating now apparently
twitter.com
Polygon on Twitter
“Nintendo ‘investigating’ reports of Nintendo Switch account breach, recommends 2FA https://t.co/rWxRrUGHvs”
twitter.com