Nintendo has updated its statement regarding a data breach targeting its users’ accounts, almost doubling the number of victims to 300,000.
In early April, the company advised Nintendo account holders to enable two-factor authentication, without explaining the cause of the recommendation.
A further statement was published two weeks later, when Nintendo announced that it would be disabling “the function to log in to a Nintendo account via NNID,” which stands for Nintendo Network ID, due to a series of attempts to illegally access user accounts.
A month prior, in March, Nintendo customers began complaining that their accounts were being charged for digital items without their permission. An investigation revealed that hackers managed to get hold of users' personal data such as the account owner’s name, email address, date of birth and their country of residence.
At the time, Nintendo estimated the number of victims to be 160,000. However, a revision of the statement now claims that almost twice as many customers have had their data accessed.
In the updated statement, the company announced: "We posted a report on unauthorized login on April 24th, but as a result of continuing the investigation after that, there were approximately 140,000 additional NNIDs that may have been accessed maliciously", raising the total number of victims to 300,000.
Nintendo added that it had “reset the passwords for these 140,000 NNIDs and the Nintendo accounts that were linked with them, and contacted the customer separately
“At the same time, we are taking additional security measures. (...) We are still in the process of refunding in each country, but we have already finished refunding for most customers," it added.
How enterprises are embracing cyber security challenges
Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation
The company, which has reported a significant growth in sales due to the resurgence of gaming over the course of the pandemic lockdown, maintains that, despite the large number of victims, less than 1% of all Nintendo accounts were impacted by the breach.
Today it was also announced that patients using the Babylon smartphone app to book GP appointments were inadvertently given access to videos recorded by other patients. The private healthcare company has admitted that the data breach was as a result of a software error whereby a new feature worked improperly.
