If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Nintendo account breach affected almost twice as many people as previously thought

UPDATE: Company "will continue working to safeguard our platforms and our customers' data".

UPDATE 4.30PM: Nintendo has sent through this new statement:

"We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.

"While there is no evidence that Nintendo's databases, servers or services were breached, and while we can confirm that no credit card information was compromised, we took precautionary measures to help safeguard our customers. We discontinued the ability to use a Nintendo Network ID to sign in to a Nintendo Account, and we reached out to all customers whose accounts we had reason to believe were accessed without authorisation to help them take additional steps to protect themselves.

"If someone becomes aware of unauthorised activity using a Nintendo Account, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process or visit https://www.nintendo.co.uk/Support/Welcome-to-Nintendo-Support-11593.html for general support.

"In addition, we strongly encourage all our customers to employ strong, unique passwords and enable two-step verification for their Nintendo Account as instructed here: How to set up two-step verification for a Nintendo Account.

"We apologise for any inconvenience caused and will continue working to safeguard our platforms and our customers' data."

ORIGINAL STORY 11.40PM: Back in April, Nintendo admitted up to 160,000 user accounts had been accessed by unauthorised means - with linked payment methods used in some cases to make purchases.

Today, Nintendo has said it believes an additional 140,000 people were affected, for a total of 300,000.

In an update to its Japanese support site, Nintendo said it had reset the Nintendo Network ID (NNID) and Nintendo account passwords for these users, and contacted those affected.

Refunds have been processed for most customers whose account was used to make unauthorised payments and, Nintendo said, 300,000 people was less than one per cent of all NNID users.

But there's no detail on when these additional customer accounts were breached, and why Nintendo had not detected these sooner.

In April, Nintendo faced criticism from fans it had been slow to notice a growing wave of reports from Switch owners who said their accounts had been accessed.

The company finally admitted there was an issue on 24th April, when it disabled Nintendo Account sign-in via NNID. This log-in method remains disabled as of today.

In a statement acknowledging the unauthorised access of accounts, Nintendo said there was no evidence of its own databases or servers being hacked - suggesting the user details used to log-in via NNID had been harvested elsewhere.

Those affected had private data such as their nickname, email, date of birth, gender and country/region made potentially viewable by a third party.

Credit card data was not accessible, though payments were taken via linked Paypal and bank accounts. These were typically for in-game currency in Fortnite, in bundles worth up to £99.

We've contacted Nintendo for an update on these latest accounts which have been affected.

Back in April, Nintendo told Eurogamer it "strongly recommended" switching on two-factor authentication for your Nintendo account - a guide to do so can be found here.

From Assassin's Creed to Zoo Tycoon, we welcome all gamers

Eurogamer welcomes videogamers of all types, so sign in and join our community!

Related topics
About the Author
Tom Phillips avatar

Tom Phillips


Tom is Eurogamer's Editor-in-Chief. He writes lots of news, some of the puns and makes sure we put the accent on Pokémon. Tom joined Eurogamer in 2010 following a stint running a Nintendo fansite, and still owns two GameCubes. He also still plays Pokémon Go every day.