Over the last month, Nintendo users have been increasingly reporting that their accounts have been hacked and obtained from remote locations around the planet, with a few users losing money because of the unauthorized intrusion.
The account Hijackings seem to have begun mid-March. They have attained a summit over the weekend when an increasing number of users began receiving email alerts that anonymous IP addresses are seen obtaining their Nintendo profiles.
The way accounts are getting hacked is now unknown. It’s unclear if hackers are using passwords leaked in data breaches at other sites to also get access to Nintendo accounts.
Some users reported using complex passwords created through a password manager, passwords that were unique to their account, and not used anywhere else. This suggests hackers may be using over the traditional credential stuffing, password spraying, or brute-force strikes.
Nintendo has yet to release an official statement about the attacks. Nonetheless, the business has advised users on Twitter and Reddit to empower two-step verification (2SV) for their account, suggesting that this may prevent intrusions.
Consumers report losing money.
A high number of individuals who reported unauthorized access to their Nintendo accounts also reported losing money.
In Some cases, the hackers purchased other Nintendo games. Still, in most events, victims said the hackers purchased Fortnite game currency by means of a card or PayPal account linked to the primary Nintendo profile.
“I get home from work, and during the drive home, my Nintendo Account was hacked, and they spent 300 bucks on Fortnite. “I want a hug,” a Nintendo user wrote on Twitter on Friday, sharing a similar experience encountered by others.
While there is no exact figure on the number of hijacked accounts, The issue seems to be occurring at scale, primarily because of the number of user complaints on several social media sites.
High profile Figures from the gaming world also have been hit. This includes the creator of this LootPots gaming news website, and Nintendo reports from ArsTechnica’s game reviews editor.
“My Paypal support man got Hit using a hacked Nintendo accounts,” another user wrote on Twitter. “I can not make this [expletive] up.”
With assistance from a source from the threat intelligence community, ZDNet has identified recent advertisements put up online this month, by which hackers are promoting Fortnite V-Bucks obtained from Nintendo Shift accounts.
The ads seem to be tied into the recent hijacking campaign that has been targeting Nintendo accounts.
“Once Bought, I Will Login And Purchase You The Specified Amount Of V-Bucks You Wanted/Needed,” all the advertisements’ text reads.
The best way to secure Nintendo accounts
Users who fear that they may have Been the victims of the mass-hijacking effort, or who wish to avoid having their accounts hacked, are advised to follow the steps below:
- Review your sign-in history. You may examine your current sign-ins by visiting https://accounts.nintendo.com/login_history.
- Change your password. You can do so via the above link. If you used the exact same password on other sites, it’s strongly recommended that you change those too.
- Sign out from all devices. From the same link as above, you can force all devices to signal out. This should be done after changing your password. If a person has access to your account’s credentials, then signing them out will not do much as they’ll have the ability to sign back in till it is changed.
- Empower two-factor authentication (2FA). This can be achieved by visiting https://accounts.nintendo.com/security. This adds an extra layer of security to your account. More info on setting up 2FA is seen in https://en-americas-support.nintendo.com/app/answers/detail/a_id/27496.
- Review any connected payment methods. Check for fraudulent purchases or other actions that you didn’t make.