On the afternoon of Sunday, April 19, the Twitter user “Pixelpar” reported that someone has accessed his Nintendo account. The responses of other players to that tweet and mentions in forums and other communities point to an increase in third-party access to Nintendo accounts. The users and the company itself have now advised activating 2 steps verification, something that we will explain how to do at the end of the news.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
“I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight,” says @Pixelpar in his tweet. “My password is a unique string and my PC is definitely clean (not that I ever login via it). Lots of similar reports on Reddit/twitter.” He has also advised to “unlink PayPal and activate 2FA [two-step verification]”.
Immediately, there were responses from other users who commented on the same problem. In the ResetEra forum, a user points out that he has “a unique and random password and my account was accessed from Russia.” Another user explains a similar situation: “I had a unique password. I got an access notification that someone in the US used Firefox to access my account, which I never use. I changed to another random unique password. 30 minutes later, I got accessed from Russia. Changed the PW again and added 2FA.”
On April 9, Nintendo’s official Twitter accounts posted messages promoting for two-step verification activation. Two days earlier, Nintendo Japan posted a message stating that they had seen unauthorized logins on multiple accounts, which would have allowed access to users’ payment details.
Help protect your Nintendo Account by enabling two-factor authentication.
Go here for more details: https://t.co/4CtboIORII
— Nintendo of Europe (@NintendoEurope) April 9, 2020
In the early hours of this Monday, the technical service of Nintendo Japan published a statement on the social network advising that multiple users are having problems completing purchases with a credit card in the Nintendo eShop. At the time of writing this news, Nintendo has not published information about it on any of its social networks in Europe or the United States.
How to activate two-step verification for your Nintendo account:
Although the scope of this alleged security breach is unknown, it doesn’t hurt to follow Nintendo’s advice and activate two-step verification. Follow the below steps to activate two-step verification for your Nintendo account:
- Go to https://accounts.nintendo.com and sign in to your Nintendo Account.
- Select “Sign-in and security settings”, then scroll down to “Two-Step Verification” and click “Edit”.
- Click “Enable two-step verification”.
- Click “Submit” to have a verification code sent to the email address shown.
- If the email address is incorrect, click “Change” next to the “Email Address” menu setting under “User Information” to change it.
- Enter the verification code from the e-mail, then select “Submit”.
- Install the Google Authenticator app on your smart device.
- This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then select “Submit”.
- A list of backup codes will appear. Click “Copy” to copy all the codes, then paste them somewhere safe.
- A backup code will be required for sign-in if you don’t have access to the Google Authenticator app. Make sure to keep these somewhere safe.
- You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click Backup codes saved”, then “OK”.
- Once set, you can return to the “Two-step verification settings” section to review the backup codes and remove the 2-step restriction.