Nintendo accounts are getting hacked and used to buy Fortnite currency

Nintendo has recommended that users enable two-factor authentication on their accounts.


Image via @Warchamp7 on Twitter

Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion.

The account hijackings appear to have started in mid-March and reached a peak over the weekend, when more and more users started receiving email alerts that unknown IP addresses had been seen accessing their Nintendo profiles.

The way accounts are getting hacked is currently unknown. It is unclear if hackers are using passwords leaked in data breaches at other sites to also gain access to Nintendo accounts.

Some users reported using complex passwords generated through a password manager, passwords that were unique to their accounts, and not used anywhere else. This suggests hackers might be using more than the classic credential stuffing, password spraying, or brute-force attacks.

Nintendo has yet to release a formal statement about the attacks; however, the company advised users earlier this month on Twitter and Reddit to enable two-step verification (2SV) for their accounts, suggesting that this might prevent intrusions.

Users report losing money

A large number of those who reported unauthorized access to their Nintendo accounts also reported losing money.

In some cases, the hackers bought other Nintendo games, but in many incidents, victims said the hackers bought Fortnite game currency through a card or PayPal account linked to the main Nintendo profile.

"I get home from work, and during the drive home, my Nintendo account was hacked, and they spent 300 dollars on Fortnite. I need a hug," a Nintendo user wrote on Twitter on Friday, sharing a similar experience encountered by many others.

While there is no exact figure on the number of hijacked accounts, the issue appears to be happening at scale, judging by the number of user complaints on various social media sites.

High-profile figures in the gaming world have also been hit. They include the founder of the LootPots gaming news site and ArsTechnica's game reviews editor.

"Even my Paypal support guy got hit with a hacked Nintendo account," another user wrote on Twitter. "I can't make this [expletive] up."

With help from a source in the threat intelligence community, ZDNet has identified ads posted online this month in which hackers are selling Fortnite V-Bucks acquired from Nintendo Switch accounts.


Image: ZDNet

The ads appear to be tied to the recent hijacking campaign that's been targeting Nintendo accounts.

"Once Bought, I Will Login And Buy You The Specified Amount Of V-Bucks You Wanted/Needed," the text of each ad reads.


Image: ZDNet

How to secure Nintendo accounts

Users who fear they may have been the victims of this mass-hijacking campaign, or who want to avoid having their accounts hacked, are advised to follow the steps below:

  1. Review your sign-in history. You can check your recent sign-ins by visiting https://accounts.nintendo.com/login_history.

  2. Change your password. You can do so through the above link. If you used the same password on other sites, it is recommended that you change those as well.

  3. Sign out from all devices. From the same link as above, you can force all devices to sign out. This should be done after changing your password. If someone has access to your account's credentials, signing them out won't do much, as they will be able to sign back in until the password is changed.

  4. Enable two-factor authentication (2FA). This can be done by going to https://accounts.nintendo.com/security. This adds an additional layer of protection to your account. More information on setting up 2FA can be found at https://en-americas-support.nintendo.com/app/answers/detail/a_id/27496.

  5. Review any linked payment methods. Check for fraudulent purchases or other activity that you did not make.