You can protect your Nintendo accounts by enabling 2FA.
The last thing gamers need during Coronavirus lockdown is getting their favorite gaming platform being DDoSed or their console accounts compromised. But the fact is that it’s already happening and this time, apparent victims are unsuspected Nintendo users.
It all started when Nintendo users took the issue on Twitter complaining that their Nintendo accounts are being hacked and accessed by third-parties not once but multiple times. One such user is LootPots’ founding editor Pixelpar suspecting that Nintendo has suffered a major security breach.
Pixelpar revealed that his Nintendo account was “accessed numerous times overnight” even though his password was “a unique string and that his PC hadn’t been compromised.”
A tweet sent out by Pixelpar:
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
However, it didn’t end here. In fact, loads of users have now confirmed that their accounts were indeed compromised or received unusual and suspicious login activity alerts. One such user going by the online handle of “Kemal86” on Resetera forum wrote that,
“Yep. I had a unique password. I got an access notification that someone in the US used Firefox to access my account, which I never use. I changed to another random unique password. 30 minutes later, I got accessed from Russia. Changed the PW again and added 2FA.”
Another user “benbeau” shared similar experience stating that, “Yeah. I got an email from Nintendo the other day saying my account was logged into from Russia. I didn’t even realize I hadn’t set up 2FA yet. Fixed it up real quick, and they didn’t manage to cause any damage.”
The list goes on…
However, what may worrisome is that hackers are already using compromised Nintendo accounts to carry out financial transactions or go online shopping using payment cards or methods attached to the account.
For instance, one Twitter user claimed that someone hacked their PayPal account and spent $200 on Nintendo games. Another user said that “someone hacked their Nintendo account and bought 150 fucking dollars of Fortnite currency.”
Yet it is unclear what’s really going on as there has been no official comment from Nintendo itself. It is also unclear how these accounts are being logged in elsewhere when users are claiming to have used unique passwords that were never compromised in the past.
Nevertheless, if you are a Nintendo customer it’s time to protect your account and any payment method attached to it. For this, the company has already introduced 2-Step Verification in which a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism.
You can also follow these steps to protect your Nintendo account from hackers:
2- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
3- Click 2-Step Verification settings.
4- Click Send email to have a verification code sent to the email address on file.
- If the email address is incorrect, click the Email address menu setting under User Info to change it.
5- Enter the verification code from the email, then Submit.
6- Install the Google Authenticator app on your smart device.
- This is a free app, available through Google Play (Android) and the App Store (iOS).
7- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
8- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
9- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
- A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
- You can use these (one time each) if you do not have access to the Google Authenticator app.
10- Click I have saved the backup codes, then OK.
- Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.