Nintendo confirms widespread unauthorised access of NNID accounts

Enable 2-Step Verification

Update: Nintendo of Europe has provided an English statement on their support website. You can see the full text at the end of this article. Original article continues below.

In recent weeks, there have been many reports across the internet of unauthorised purchases happening for Switch users. Today, Nintendo has responded, and the verdict isn’t great.

Nintendo Co. Ltd. has confirmed in a Japanese press release the unauthorised access of over 160,000 NNID accounts starting in early April — that’s accounts that are used for the 3DS and Wii U, and are separate from Nintendo Accounts used on Switch. NNID accounts can, however, be linked to a Switch Nintendo Account, specifically for the purpose of sharing a wallet between Switch, 3DS, and Wii U consoles. Nintendo has now terminated the option to login to a Switch account using an NNID, which had allowed unauthorised purchases to take place on the Switch eShop.

Nintendo has also starting rolling out the automatic resetting of passwords for potentially affected NNIDs and Nintendo Accounts, and suggests users change their passwords to be different from both each other, and from any other account password you use. The company has suggested that users also set up 2-Step Verification on their Nintendo Accounts, which you can do by clicking this link, and unlinking any existing NNID from your Nintendo Account.

Nintendo has said that the information that may have been made available if your account was compromised are your name, date of birth, gender, country/region. and email address. No financial information such as credit card details and PayPal account details have been compromised.

Important Notice

We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.

While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.

As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.

In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.

If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.

During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.

We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.

Oliver Brandt

Deputy Editor, sometimes-reviewer, and Oxford comma advocate. If something's published on Vooks, there's a good chance I looked over it first. I spend way too much on games and use way too many em dashes.