It was just recently that Nintendo brought up and stressed use of two-factor authentication for logins on the Nintendo Switch console - a move which raised some eyebrows. Why now? Well, it seems a wave of illicit logins and unauthorized activity has hit the console’s player community. Nintendo just shared that somewhere around 160,000 Nintendo Switch accounts may have experienced unauthorized logins.
This fact was revealed in in a security report on the Japanese Nintendo Support website on April 24, 2020. Reportedly, the weak point in the system was Nintendo Network IDs (NNID). Nintendo revealed that around 160,000 Switch accounts had seen unauthorized logins via NNIDs. As a direct result, Nintendo has abolished Switch account logins via NNIDs for the foreseeable future. This came along with messaging that affected customers would be emailed to change passwords and that customers logged in via their NNID should instead login via their Nintendo Account email. These and further details to secure your account may be found in the security report linked above.
Nintendo confirms that ~160.000 accounts that use a Nintendo Network ID to login into their Nintendo Account were affected by recent hacking attempts— Nibel (@Nibellion) April 24, 2020
NNID login has been deactivated now and passwords will be reset for accounts that have been affected
2FA is highly recommended https://t.co/IfxRGJRLNR
This comes on top of the fact that Nintendo has been investigating a growing trend of unauthorized logins and purchases on the Switch system. It would appear that many owners were seeing purchases made via logged credit cards on Nintendo accounts to purchase items like Fortnite VBucks and other such easy-to-access or transfer items. With the NNID observed as a core part of the issue, Nintendo is already taking steps to shut down one end of the wave of illicit access to Nintendo and Switch accounts.
As reported by Eurogamer, it's worth noting that in an English statement from Nintendo, it mentioned that the breach wasn't in Nintendo's own databases, but rather through different breaching different websites to access login data for a seperate service (a tactic known as credential stuffing). It also comes as a reminder to vary your password through different services and/or change it from time to time on particularly important ones. Thanks Masem.
Nintendo also mentioned two-factor authentication once more as a means of extra security for stopping unauthorized access to accounts. Don’t know how to set this up on your console? No worries. Be sure to check out our guide to setting up two-factor authentication on your Nintendo Switch and be extra safe. Stay tuned as we continue to follow this story for further news and information from Nintendo.