Published: 06/07/2020

What Nintendo Gamers Need to Know

  • Netacea, Agentless Bot Management

3 minutes read

Was Nintendo hacked?

In April 2020, Nintendo revealed an account hijacking scheme that compromised around 160,000 users when attackers gained unauthorized access. Nintendo has warned customers that hackers might have gained access to account information, such as nicknames, dates of birth, and email addresses. However, Nintendo has updated this original estimation to 300,000 gamers whose accounts were illegally accessed by hackers.

The company said:

“We sincerely apologize for any inconvenience caused and concern to our customers and related parties.”

Nintendo disclosed that only 1% of the compromised accounts have been used to make fraudulent transactions. This breach was reportedly due to credential stuffingphishing, or brute force automated attack techniques:

Credential stuffing

Bot operators take usernames and passwords from other breaches and try them against other assorted services.


Attackers trick users into disclosing login details by sending them to a cloned site or other types of deception.

Brute force

Automated bot techniques are used to acquire weak and common passwords quickly and easily, allowing an attacker to break into any website.

It has been reported that in June 2020, Nintendo would move away from the mobile gaming industry, and currently has no new mobile games in development. Nintendo’s move out of the mobile gaming industry to concentrate on their Switch devices is likely to be a popular decision with players

Could this be due to the recent account hijacking? Nintendo has since triggered password resets and no further incidents since April’s data breach.

Nintendo recently said:

“As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.”

How to protect your account

Nintendo is encouraging users to make use of the two-factor authentication option that is available to them as an additional layer of security. Two Factor Authentication is an extra line of defense which can defend your account from a brute force attack.

Passwords should never be shared across accounts and services. However, there is a tendency for consumers to reuse and share passwords from account to the next, and this means that although a data breach occurred on another business’s website, that same data breach can become your problem. Once the compromised credentials have been breached, bots make it easy to verify those same credentials on other websites and gain access to further accounts held by the customer.

Although the breach may not have occurred on your website, it is your responsibility to put a sophisticated, defensive bot solution in place. It is vital that your bot management technology provides comprehensive protection against bot activity that targets weaknesses in your business logic across your website and API-based systems.

Talk to the bot management experts at Netacea today to find out how our best-of-breed bot management technology protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

Schedule Your Demo

Tired of your website being exploited by malicious malware and bots?

We can help

Subscribe and stay updated

Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.


By registering, you confirm that you agree to Netacea's privacy policy.