Industry - Policy Change
Executive Summary
Nintendo confirmed that 160,000 user accounts were accessed through its Nintendo Network ID system starting in early April, exposing personal information including names, dates of birth, email addresses, and potentially Nintendo store payment details. The company believes attackers impersonated legitimate logins and has responded by disabling NNID login access, forcing password resets, and urging users to enable multi-factor authentication. Users who reused passwords between their NNID and Ni...
What Happened
Starting in early April 2026, Nintendo confirmed that 160,000 user accounts were compromised through unauthorized access to its Nintendo Network ID system. Attackers appeared to impersonate legitimate logins to access accounts, exposing personal information including names, nicknames, dates of birth, gender, country/region, and email addresses. In response, Nintendo disabled the ability to log into Nintendo accounts via NNID, forced password resets for both NNID and Nintendo accounts, and recommended users enable multi-factor authentication.
Who Is Affected
The breach affected 160,000 Nintendo Network ID users globally who did not have multi-factor authentication enabled on their accounts. Users who reused the same password for both their NNID and Nintendo account faced additional risk, as attackers could potentially access Nintendo store accounts and illegally use account balances, registered credit cards, or PayPal payment methods. Those with multi-factor authentication already enabled were not affected by the breach.
Why It Matters
This breach demonstrates the ongoing vulnerability of password-based authentication systems and the critical importance of multi-factor authentication in protecting user accounts. The timing coincided with a surge in Nintendo's user base due to the popular Animal Crossing: New Horizons release during stay-at-home periods, magnifying both the potential impact and public attention. The incident underscores how credential reuse across linked services can compound exposure, turning a personal information breach into potential financial fraud.
What You Should Do
If you have a Nintendo Network ID, immediately change your password and ensure it is different from your Nintendo account password. Enable multi-factor authentication on both your NNID and Nintendo account to prevent unauthorized access. Review your Nintendo store purchase history for any unauthorized transactions and contact Nintendo to report and cancel any suspicious charges. Stop reusing passwords across different accounts and consider using a password manager to maintain unique, strong passwords for each service.
Summary generated from verified sources and reviewed before publication. How we summarize.