• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.

There might be a security breach with Nintendo Accounts. Change your password, check your logins, and enable 2FA.

Reader mode
AncientReptileBrain

AncientReptileBrain

Member
Oct 25, 2017
6,457
kitchenmotors said:
I would enable 2FA, but I don't want to use some Google app. Why can't we just use our phone number?
Click to expand...
Click to shrink...
www.wired.com

How to Protect Yourself Against a SIM Swap Attack

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.
www.wired.com www.wired.com

gimletmedia.com

#130 The Snapchat Thief | Reply All

This week, a new Super Tech Support: after Lizzie's Snapchat gets hacked, things start getting really creepy. Alex investigates.
gimletmedia.com gimletmedia.com
 
zswordsman

zswordsman

Member
Nov 5, 2017
1,771
Martin said:
Use authy, it is a much better app and you can also use it on your pc.
When setting up 2FA you always get backup codes. Keep them safe! They can safe your ass!
Click to expand...
Click to shrink...
Wait, so we can use another authentication app besides the one Nintendo recommended? I'm not to keen on the whole one device only local backup. But I'd feel a lot better since I hear Authy is a better app.
 
Linde

Linde

Banned
Sep 2, 2018
3,983
808s & Villainy said:
They give you backup codes that you should save somewhere and use if you lose access to your authenticator
Click to expand...
Click to shrink...
Martin said:
Use authy, it is a much better app and you can also use it on your pc.
When setting up 2FA you always get backup codes. Keep them safe! They can safe your ass!
Click to expand...
Click to shrink...
TeenageFBI said:
I *think* Google has a way to recover your codes (unsure if you have to manually enable it beforehand) but I'd rather just use Authy which allows you to get codes on multiple devices.
Click to expand...
Click to shrink...
Kouriozan said:
I would change password but we already got people claiming they just changed it and got hacked again so I'll wait a bit and see if I get attempt emails.
I don't keep my CC infos on my account anyway.

They give you unique emergency codes to store if you lose your phone.
Click to expand...
Click to shrink...
Thanks
how do you save your backup codes? Just put in a text file on your computer?
 
SinCityAssassin

SinCityAssassin

Member
Oct 25, 2017
15,171
Most of Nintendo's major social media accounts alerted customers about rising unauthorized logins or to enable 2FA as early as April 6-9.



 

wild_one

Member
Oct 27, 2017
148
I've had 2FA for just about everything that can have it, and haven't had an issue yet. Nintendo enabled it back in 2017, since that's when I saved the QR code.
 
Tunesmith

Tunesmith

Fraud & Player Security
Verified
Oct 25, 2017
1,936
Orb said:


twitter.com

Pixelpar on Twitter

“I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight. My password is a unique string and my PC is definitely clean (not that I ever login via it). Lots of similar reports on Reddit/twitter. Unlink PayPal & enable 2FA folks!”
twitter.com twitter.com



This happened to me. Unique, random password and my account was accessed from Russia. Lots of replies on this tweet saying the same things.

This is unconfirmed but I feel like something is up. I would exercise caution if you have a Nintendo Account.
Click to expand...
Click to shrink...

Whenever I read something like this I get reminded of that most people not in the info security field vastly underestimate just how many compromised accounts organized fraud has on stock that when used for credential stuffing cause these kinds of straw man theories.
 
Musubi

Musubi

Unshakable Resolve - Prophet of Truth
Banned
Oct 25, 2017
23,611
Password changed and 2FA on. Actually didnt know nintendo had 2FA until now.
 
Xeteh

Xeteh

Member
Oct 27, 2017
6,383
Nothing showing on my account but I enabled 2FA anyways. Never thought to since I rarely use my Nintendo account.
 
JershJopstin

JershJopstin

Member
Oct 25, 2017
5,332
I don't store card info and use 2FA, but thanks for the heads-up as I believe I use that password in a few more crucial spots. Changing them all now.
Orb said:
Yes, it does. The website tells you to use Google Authenticator but Authy and others work as well.
Click to expand...
Click to shrink...
Huh, it used to say you could use either. Wonder why they removed the Authy suggestion.
 
Martin

Martin

One Winged Slayer
Member
Oct 25, 2017
2,432
zswordsman said:
Wait, so we can use another authentication app besides the one Nintendo recommended? I'm not to keen on the whole one device only local backup. But I'd feel a lot better since I hear Authy is a better app.
Click to expand...
Click to shrink...
Yes you can use another app. Before Authy I used the google one and got annoyed after changing my phone and having no backup.
Authy works the same way with scanning the qr code provided to activate 2FA (or putting in a code).
 

Deleted member 44122

Guest
do you have other accounts connected that also allow a login, like the old nintendo network id?
 
Valcrist

Valcrist

Tic-Tac-Toe Champion
Member
Oct 25, 2017
9,692
www.resetera.com

How are multiple people getting in my Nintendo Network account?

Last month, I was greeted with this: So, I freaked out and used a LastPass password this time, to ensure that no one would figure it out. I also changed my LastPass password too, just in case. Then I wake up to this, this morning. How the hell?! I added 2 factor this time, but it makes no...
www.resetera.com www.resetera.com

I had this issue and posted about it before. Two people from different countries logged on my account in the span of a month, and I was using super secure lastpass passwords that I changed after the first login. 2FA fixed this. Be sure to put 2FA on your accounts ASAP, everyone.

It's clear I'm not the only one anymore. This is becoming more and more widespread.
 

Deleted member 44122

Guest
zswordsman said:
Not a fan of using a Google app in order to activate 2FA but it's better than nothing I guess. Apparently if you erase the app on your phone the app won't save it or have a backup since it's local only. So I advise everyone to really save those Nintendo backup codes after setting up 2FA.
Click to expand...
Click to shrink...
you can use other apps like authy, they use the same system but allow backups and multiple devices
 
Wozman23

Wozman23

Banned
Oct 25, 2017
1,031
Pico Rivera, CA
I had an login from Russia 2 or 3 days ago, but assumed it was just me since I used my generic password (which is probably already out there from countless other hacks). Now I'm updated to a random password and 2FA.
 
Liquid Snake

Liquid Snake

Member
Nov 10, 2017
1,893
Hearing that people have changed their passwords and then are getting the same alerts within hours is unusual. Unless they're being silly and using passwords like "acbd1234" this shouldn't be happening, even with a security breach, since it still takes time to crack passwords from breached databases.

Anyone with real security experience have more insight?
 
SinCityAssassin

SinCityAssassin

Member
Oct 25, 2017
15,171
Linde said:
im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong
Click to expand...
Click to shrink...
If you go check the security tab of your nintendo account after you enabled 2FA, Nintendo gives you 10 one use, non-expiring backup codes in case you lose access to the authenticator. You just save em on the computer, text file it, take a picture, whatever.
 
Desma

Desma

Member
Oct 27, 2017
5,206
Didn't even knew you could set up 2FA for Nintendo Accounts

Nothing happened, but activating on my accounts rn
 
Daebo

Daebo

Member
Oct 26, 2017
1,276
Cincinnati
I actually fell victim to this because I'm a dumb fucking ass for not enabling 2 form verification. I got 106 bucks bought for fortnite v bucks. I posted about this on twitter two nights ago when it happened. I never use my switch and forgot I even had paypal attached. Feel like an idiot, but yeah, there must've been a hack.
 
BlueManifest

BlueManifest

One Winged Slayer
Member
Oct 25, 2017
15,320
Do I have to use google, what's the easiest authenticator to move around like if I get new phone
 

reKon

Member
Oct 25, 2017
13,709
Microsoft Authenticator is great - that's what I've been using for everything. Better than Google's solution.
 
McNum

McNum

One Winged Slayer
Member
Oct 26, 2017
5,186
Denmark
To those of you talking up Authy.

Can I just transfer my Google Authenticator 2FA logins to it, or will I have to re-register all of them for Authy?
 
Yabberwocky

Yabberwocky

Member
Oct 27, 2017
3,256
Thank you for the heads up, OP! Thankfully I haven't had any unusual activity, but I will change my password. I normally use 2FA on everything, but I'd been nervous about Google Authenticator with Nintendo in case something happened to my phone, but I'll look into Authy instead.
 
Xavi

Xavi

Member
Oct 27, 2017
14,772
Lightning for Smash
For all of you recently activating 2FA and using Google Auth, be SURE to save your backup codes. Save it in Google Drive, dropbox, gmail, whatever but be sure to have them in another place other than your mobile device.

I would still recommend Authy over Google Auth anyday.
 
Reader mode
You must log in or register to reply here.