Nintendo account holders may have seen notifications that their “Nintendo Network ID” or “NNID” has been compromised. Nintendo has now confirmed that approx. 160k user accounts had been breached. Today’s post will go over the breach and what you should do. Nintendo Reporting Unauthorized Login to “Nintendo Network ID”
Approx 160k Nintendo Accounts Compromised
Per the post by Nintendo, access to the accounts happened via the legacy Nintendo Network ID, also known as the NNID. The NNID was a popular way of logging into the in the days of the Wii U and the 3DS. So what is the difference from the older NNID and the current Nintendo Account.
- The short answer is that an NNID is used to make purchases on the Wii U and 3DS, while a Nintendo Account is used to make purchases on the Switch. The main reason to have linked your NNID with your Nintendo Account is to merge your eShop funds.
So Nintendo announced in their post
Therefore, we are announcing today that we have abolished the function of logging in to a Nintendo account via NNID .
In addition, passwords will be reset sequentially for NNIDs and Nintendo accounts that may have been illegally logged in.
Nintendo stated that the break appears to have started in early April 2020, and that if you used the same password for both the Nintendo Account and the NNID, that it is possible that your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop. In addition, whomever accessed the accounts illegally may have also viewed your Nickname, date of birth, country / region, email address. Someone having that information could make you the target of phishing attacks in the future.
What Should You Do If you Have Both Nintendo Accounts
- The first thing you will need to do is change your passwords, and make sure you DON’T use the same password for both accounts. Those with suspected compromised accounts will be notified by Nintendo, but even if you are not notified, if you share the same password on the 2 accounts you should change it now.
For NNID Accounts Change Password
- Access the Nintendo Network ID Settings.
- Select Password Settings.
- Select from the following options:
- Change Password: Update the password associated to your Nintendo Network ID.
- Save Password: Choose whether or not the password is required to access the user account on the system.
- I Forgot: Request a temporary password be sent to the e-mail address associated to the account.
For Nintendo Account Change Password
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, and then select Edit in the Change Password section.
- Enter your current password, then select OK.
- Enter and confirm a new password.
- Passwords must be at least 8 characters long.
- Passwords must include a combination of characters from 2 of the following categories: letters, numbers, and punctuation.
- Click Submit to update the password.
Notes
- If you find that there are purchases on your account that you did not make, the you should reach out to Nintendo Support, so they can conduct an individual investigation and then cancel the purchase.
- The other thing you can so is set up 2FA (Two Factor Authentication) on your account. By setting up 2FA, it will take not just use your account password, but also a code that from an Authenticator app of your choosing (like Google Authenticator). The post How To: Adding 2FA to Nintendo Account has the steps to add 2FA to your Nintendo Account.
Final Thought
You should never use the same password on multiple accounts. I know, I know, “I can’t remember all of these [email protected]#$ passwords”. Unfortunately, when the bad guys manage to get info from location, it doesn’t stop there. In the example of this NNID breach, they found the passwords for NNID, and the looked at your associated email account. Next thing to do is go to every bank and credit card site and enter that combination and see if you have used that combination anywhere else. If you did, THEY JUST WON! So DON’T use the same password, everywhere. You can use a password manager program like LastPass or KeePass to help you keep track of all of your other passwords.
NOTE: A sticky note on your monitor with all your passwords is also NOT A GOOD IDEA.
Source(s)
- Nintendo – Nintendo Japan Support Page Announcing Breach
- Nintendo – Info on Changing NNID Password via Nintendo Support
- Nintendo – Info on Changing Nintendo Account Password via Nintendo Support
Nintendo Reporting Unauthorized Login to “Nintendo Network ID”
Thankfully I never did anything more than an offline Nintendo DS.
I considered using lastpass for my personal credentials, but what would you suggest for a password manager accross mulitple devices? If I am going to use complicated passwords everywhere…. i’d need this tool installed on every possible device I own?
Any suggestions?