Nintendo Switch Online hack: Company confirms huge breach of players' details

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Nintendo has confirmed a huge hack that allowed access to 160,000 people's accounts on its online services.

Rumours of a hack had spread in recent days as players reported suspicious logins and unauthorised purchases being made from their accounts.

Now the company has confirmed those accounts were hacked, in a post on its Japanese website.

It said that hackers had been able to access online logins that had been made available elsewhere on the internet, with issues beginning in April. It gave no details of how the details were stolen or how widely they had been used.

Nintendo confirmed that some people had used the logins for illegal purchases on its stores. It asked that users investigate such incidents themselves, try and cancel the payments, and inform Nintendo – though it cautioned the company may not be able to reply straight away.

The hackers were able to steal Nintendo Network IDs – which are used as login usernames on the online service – and passwords, the company said. While those NNID accounts give access to some personal information including a person's data of birth and email address, many people also use the same login on their Nintendo account, which can be used in the Nintendo Store or its online eShop for games.

The NNID was an old way of logging in to Nintendo services, but has been kept around to allow players to login through with their older account details. In response to the hack, it will get rid of those NNID logins, asking people to sign in using their email address instead.

Nintendo also said that it had reset people's account passwords, and that they will have to register a new one. It asked people not to use the same password as on any other sites.

It also asked users to turn on two-factor authorisation, which ensures that people are unable to access accounts even if they do have the password.

Users affected by the hack will be contacted over email, Nintendo said.

"We sincerely apologise for any inconvenience caused and concern to our customers and related parties," it said in the post, which appeared in Japanese. "In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur."