Nintendo said 300,000 Nintendo Network ID (NNID) accounts were broken into as part of a hacking attempt in April, which is nearly twice as many as initially stated. Nintendo previously said that 160,000 accounts were broken into.
NNIDs were used for the 3DS and Wii U and allowed users of either system to download content and link their systems to a shared wallet. A new account system was used for the Nintendo Switch, but 3DS and Wii U owners could link their accounts.
Hackers could have spent money at the My Nintendo store or the Nintendo eShop using virtual funds or money from a linked PayPal account. Additional information such as a user’s nickname, date of birth, and email address may have also been visible.
Nintendo says that accounts may have been broken into if users had the same password on both their NNID and Nintendo account.
In response to the breach, Nintendo eliminated the option for Switch owners to log into their Nintendo account via NNID. The 300,000 accounts that were impacted by the hacking attempts will receive password resets via email from the company; additionally, Nintendo is encouraging all Switch owners to enable two-step verification to secure their accounts.