After announcing about 160,000 accounts had been accessed with no authorization, Nintendo now reports that as many as 300,000 customer accounts were actually accessed in April.
This new figure is over twice the originally reported number had been illegally accessed, the company announced in a statement. Nintendo says the breach was likely the result of customers using the same password in multiple accounts online.
Breached accounts that are linked to PayPal had several transactions for Fortnite currency appearing on connected debit/credit cards. Account nicknames, dates of birth, country/region, email address, and gender information were all exposed in the breach. After several complaints, Nintendo began disabling the ability for folks to log into their Nintendo Accounts using a Nintendo Network ID (NNID).
Although the function had previously returned, the ability to log in via NNID has officially been discontinued. Nintendo says it will now contact the additional 140,00 users affected via email.
Nintendo states in a recent statement “while there is no evidence that Nintendo’s databases, servers or services were breached, and while we can confirm that no credit card information was compromised, we took precautionary measures to help safeguard our customers. We discontinued the ability to use a Nintendo Network ID to sign in to a Nintendo Account, and we reached out to all customers whose accounts we had reason to believe were accessed without authorization to help them take additional steps to protect themselves.”