Nintendo Data Breach Grows: Now Totals Roughly 300,000 Users

The reported size of the Nintendo data breach is growing. Initially pegged at 160,000, the total number of users have grown to 300,000.

It’s happening again. A data breach initially reported to affect a smaller number users has follow-ups that say the number of affected is bigger than the initial report. This time, it seems that Nintendo is the latest company to be going through this.

Back in April, we brought you the initial reports which said that an estimated 160,000 Nintendo customers have been affected by a data breach. As Nintendo said that they are resolving the problem, some users said that they are seeing suspicious activity on their accounts. Additionally, some users say that they are seeing unexplained purchases showing up on their bank and credit card statements.

Now, the nightmare scenario is unfolding for Nintendo. While it is still technically small in relation to how many customers they have overall, the growing number of affected users is still worrying. Security Boulevard notes that the breach now affects 300,000 users. From the report:

Yesterday, Nintendo released a new statement confirming that an additional 140,000 user accounts were exposed after the Nintendo Network ID (NNID) system was compromised in April 2020.

Before confirmation of the security incident, the company received multiple reports from users reporting unauthorized logins to their accounts, and even fraudulent use of stored credit card data.

Nearly two months after their first report, the number of compromised accounts has now reached 300,000.

“We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs that may have been accessed maliciously,” the company said. “We have also reset the passwords for these 140,000 NNIDs and the Nintendo accounts that were linked with them, and contacted the customer separately. At the same time, we are taking additional security measures.”

The company also said it is in the process of refunding affected users, and that less than 1% of all NNIDs illegally accessed may have also suffered fraudulent transactions through their Nintendo account.

We’ve seen this kind of growth before. Last year, we watched the Desjardins data breach grow to epic proportions. Initially, the breach was reported to encompass 2.7 million customers. Several months later, that reported number jumped to 4.2 million customers. At that pint, we honestly thought that it wouldn’t grow any bigger because this encompasses their entire customer base at the time. We were wrong. By December, an additional 2 million were also added to the total figure, exceeding 100% of their customer base. Apparently, they were holding details of customers from other companies as well which would explain how they accomplished this mathematical accomplishment.

Another case is Equifax. Initially, reports estimated that only 145 million Americans were affected and that only some pieces of information was compromised. By February of 2018, a filing saw Equifax admitting that the kind of information compromised is actually worse than reported. Merely one month later, reports surfaced that the breach is 2.4 million customers bigger than initially reported.

In 2011, Sony also saw an incident go from innocuous to disastrous. That was when the Playstation Network went down for unknown reasons. After 5 days, Sony, at the time, said that they were rebuilding the network. While this sounds more like an irritation than a particularly serious issue, just two days later, 70 million customers were suddenly put on fraud alert. That was the day the story went from a curiosity to a massive story spiralling into epic proportions. From there, lawsuits were filed, fines were threatened from governments, and then, there was the famous Sony press conference by day 10 which saw executives apologize to their customers. If anything, Sony knows first hand what Nintendo might be going through right now.

If anything, the last thing Nintendo wanted to see is this kind of story that just seems to get worse and worse over time. Unfortunately for Nintendo, it has already gotten worse once already. No doubt, the hope here is that the story doesn’t get any worse in terms of number affected. That’s not just for Nintendo’s sake, but for everyone’s sake as well.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: