Hackers Compromised 160,000 Nintendo User Accounts to Illegally Make Purchases in Game Stores
Hackers have gained access to 160,000 Nintendo user accounts, wherein evildoers apparently used gamers’ balance and registered credit cards or PayPal to illegally make purchases in My Nintendo Store or Nintendo eShop.
The Japanese video game company announced the breach on June 9 in a blog post, confirming that there was an illegal login to some Nintendo accounts via Nintendo Network ID (NNID) using a spoofed login. The announcement was an update to the April hack when the company indicated that approximately 140,000 accounts were compromised.
Third Parties Got Access to Users’ Personal Data But Not Credit Card Number
After getting unauthorized access to the accounts, criminals could view details such as users’ nicknames, date of birth, country/region, and email addresses. The company claimed that there was no users’ credit card number among the information that may have been viewed by third parties.
Overall, less than 1% of all NNIDs globally may have been logged in without authorization, according to the company. At this point, Nintendo is in the process of refunding, with most customers having been already refunded.
In a separate announcement, Nintendo UK assured users that “there is currently no evidence pointing towards a breach of Nintendo’s databases, servers, or services.” The company, however, said that it will not reveal more information about the methods hackers used to gain unauthorized access.
Video Game Players are Under Hacker Attack
In recent months, cybercriminals seem to have focused on video game players. Earlier this year, the Chinese Winnti hacking group launched attacks against South Korean games company Gravity. Gravity stands behind Massive Multiplayer Online Role-Playing Game (MMORPG) Ragnarok Online.
Just recently, an updated version of the AnarchyGrabber trojan began circulating the Internet posing a threat to the communication app Discord users. The malware is reportedly geared to steal users’ passwords and tokens, disable two-factor authentication (2FA), and even spread the attack on a victim’s contacts.
The malware had already been around for some time, and mostly affected users’ account main points, transferring the collected tokens to third-party servers, as well as changed device folders. The modified version’s features now enable cybercriminals to steal users’ plain text password and command an infected client to spread the malicious program to a victim’s contacts on Discord.
Subscribe to our Newsletter<
- Researchers Disclose Bot in Disguise Mining Crypto and Stealing User Data
- Messenger App Steals User Data and Hacks Their Devices, ESET Research
- Stalkerware Usage in on the Rise as Domestic Violence Rates Surge During Lockdown
- Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
- Malware App Fakes Postal Service to Steal User Personal Data and Manipulate SMS Messages
- FBI Names Six U.S. States Most Vulnerable to Online Attacks
- Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data
- Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack