We Finally Know How Switches Were Being Hacked
Over the last few weeks, gamers with Nintendo accounts have complained of multiple security breaches. People have reported seeing logins on their accounts from multiple countries, as well as unauthorized purchases being made with the payment methods attached to their accounts. As of a few days ago, Nintendo finally responded, informing IGN that the matter was being investigated. Still, nobody could seem to figure out how these hackers were getting in.
On it's official Japanese website (via IGN), Nintendo has now revealed what loopholes the hackers appear to have been using. Apparently, the affected accounts were all using Nintendo Network IDs (or NNIDs), an older form of online Nintendo account. While Nintendo Accounts by and large replaced NNIDs when the Nintendo Switch was released, users who had NNIDs beforehand kept theirs. Now around 160,000 NNIDs have been reported as compromised.
To that end, Nintendo has discontinued these accounts, setting NNID users up with new Nintendo Accounts. This change should keep the folks who had their accounts compromised in a much safer position. The company has also sent automatic password resets to all compromised accounts. Combining this with Nintendo's suggested two-factor authentication should ensure a much safer gaming experience.
On the unfortunate side of things, it appears as though Nintendo hasn't figured out how the hackers are gaining access to the NNIDs. The first logical theory would be that the company has been compromised in some way. However, Nintendo UK just released a statement regarding the hacks that read, "While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo's databases, servers or services."
In other words, however these hackers are getting their info, they're not doing it through Nintendo's own databases. This would seem to imply that the info is somehow being leeched directly from users, but that has yet to be confirmed as well.
At the very least, it's comforting to know that Nintendo is proactively taking steps to curb the number of affected accounts. Hopefully these measures will make it more difficult for these hackers to get what they're after.