There might be a security breach with Nintendo Accounts. Change your password, check your logins, and enable 2FA.

[Orb]

Pixelpar on Twitter

“I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight. My password is a unique string and my PC is definitely clean (not that I ever login via it). Lots of similar reports on Reddit/twitter. Unlink PayPal & enable 2FA folks!”

twitter.com

I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.

My password is a unique string and my PC is definitely clean (not that I ever login via it).

Lots of similar reports on Reddit/twitter.

Unlink PayPal & enable 2FA folks!

Click to shrink...

This happened to me. Unique, random password and my account was accessed from Russia. Lots of replies on this tweet saying the same things.

This is unconfirmed but I feel like something is up. I would exercise caution if you have a Nintendo Account.

 

[ActWan]

Done.

 

[NotLiquid]

Didn't this happen not too long ago? I distinctly remember a similar scare going around earlier in the year that had people unlinking Paypal / setting up Nintendo 2FA, and it seemed Fortnite related somehow.

 

[TeenageFBI]

Did you have 2FA enabled?

 

[Kemal86]

Yep. I had a unique password. I got an access notification that someone in the US used Firefox to access my account, which I never use.

I changed to another random unique password.

30 minutes later, I got accessed from Russia.

Changed the PW again and added 2FA.

 

[Lant_War]

You should have 2FA on regardless

 

[Mekanos]

How can you check if your account has been logged into elsewhere?

 

[NotLiquid]

How can you check if your account has been logged into elsewhere?

Click to shrink...

There's a login history page on your Nintendo Account.

 

[Deleted member 51691]

How can you check if your account has been logged into elsewhere?

Click to shrink...

Check your login history on Nintendo's website. And Nintendo emails you with a new login so you should easily notice if something's up with your account.

 

[hydruxo]

How can you check if your account has been logged into elsewhere?

Click to shrink...

'Sign-in and security settings' in your profile on Nintendo's website

 

[Orb]

Did you have 2FA enabled?

Click to shrink...

No, but I do now. Regardless, someone was able to get into my account that had a unique, high-entropy password that has never been used anywhere else. Kind of a big deal. Not your typical password reuse hack.

 

[Magic-Man]

Changed password.

 

[Liquid Snake]

Thanks for the heads up, done.

As someone who's studying cyber-security currently, this is a really big deal. And not a good sign, it probably means multiple breaches and an incoming shitstorm.

 

[TeenageFBI]

If these are truly long, random, unique passwords, it sure sounds like an actual breach. Couldn't hurt to change your password (and add 2FA if it's not already there).

 

[benbeau]

Yeah. Got an email from Nintendo the other day saying my account was logged into from Russia. Didn't even realize I hadn't set up 2FA yet. Fixed it up real quick, and they didn't manage to cause any damage.

 

[Mekanos]

Thanks guys. Looks like I'm good but I should probably change my password just in case.

 

[Nanashrew]

How to setup 2FA for anyone that needs it

Nintendo Support: How to Set Up 2-Step Verification for a Nintendo Account

en-americas-support.nintendo.com

 

[Mad Matt]

Wow, strange timing since I just set up 2FA again yesterday. Thanks for the heads-up. I changed my password and unlinked Paypal.

 

[Jakenbakin]

I had a random login from Russia a couple of weeks ago, made me finally get off my ass and implement 2FA

 

[RCSI]

Thanks for the heads up, I was tempting fate as 2fa was not enabled, now it is.

 

[plebc]

It's not a breach, just enable 2fa. They are "cracking" Nintendo accounts because of Fortnite.

 

[Vampirolol]

I activated double check weeks ago, I hope that's enough.

 

[A1an]

Does the Nintendo account 2FA work with Authy?

 

[Orb]

If these are truly long, random, unique passwords, it sure sounds like an actual breach. Couldn't hurt to change your password (and add 2FA if it's not already there).

Click to shrink...

For me it was a truly "random" 20-character string using lower, upper, numbers, and symbols that is not used anywhere else. I don't know any way someone could have got in short of a breach.

 

[Orb]

Does the Nintendo account 2FA work with Authy?

Click to shrink...

Yes, it does. The website tells you to use Google Authenticator but Authy and others work as well.

 

[LilScooby77]

I've had 2fa on my Nintendo account so I should be fine?

 

[Kouriozan]

Too bad, I have 2FA.

 

[Orb]

It's not a breach, just enable 2fa. They are "cracking" Nintendo accounts because of Fortnite.

Click to shrink...

Fortnite hackers have the computational power to crack a password like v6RjkHB%5$GeQto42!*p ?

 

[Jedi2016]

No unusual activity, but I've been meaning to activate 2FA for my Nintendo account, so there you go.

 

[zswordsman]

Not a fan of using a Google app in order to activate 2FA but it's better than nothing I guess. Apparently if you erase the app on your phone the app won't save it or have a backup since it's local only. So I advise everyone to really save those Nintendo backup codes after setting up 2FA.

 

[Relix]

2FA is always enabled on my side. Google Authenticator.

 

[Doggg]

Thanks for the heads up.

 

[TeenageFBI]

Too bad, I have 2FA.

Click to shrink...

I mean, I wouldn't want someone to have my password even if I have 2FA enabled (which I do). We can't be certain that the 2FA implementation is as solid as it should be and it's very easy to change a password.

 

[Naga]

Weird stuff, would be interesting to get more confirmations and maybe something to link this together to see if it's truly a breach.
Like some are saying it's linked to people having played Fortnite, some having played AC online with random people, etc.

At least it'll push people to enable 2FA. And use Authy.
edit: and yeah, save your backup codes regardless too.

I've had 2fa on my Nintendo account so I should be fine?

Click to shrink...

If you have 2FA, you should generally be fine yeah.

 

[alpha]

Realized I needed to do this. The problem is, that account is old and uses an email I don't have access to anymore and it wants to send a verification code to that before it will let me change anything like 2FA or changing the email.

So for now I just removed my payment info from it so that wouldn't be able to be accessed.

 

[Deleted member 925]

I would enable 2FA, but I don't want to use some Google app. Why can't we just use our phone number?

 

[MouldyK]

Say my friend uses my account from time to time to try games our on their Switch.

If I enable 2FA now, would they need to sign in again or would this only concern new people signing in?

 

[Jonnykong]

I got two emails a few hours ago saying somebody from Ukraine and Russia was trying to access my account.

I've since changed my password and activated 2fa.

 

[Regiruler]

Is this the page?

Nintendo Account

accounts.nintendo.com

Looks like I'm good

 

[Deleted member 31092]

Daily reminder to always use unique passwords and 2FA for everything.

 

[P-Bo]

Done--thanks for the heads up. Also gonna check my bank account for any recent transactions.

 

[Tom Nook]

Done.

Thanks for the heads up.

 

[Linde]

im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong

 

[Kouriozan]

I mean, I wouldn't want someone to have my password even if I have 2FA enabled (which I do). We can't be certain that the 2FA implementation is as solid as it should be and it's very easy to change a password.

Click to shrink...

I would change password but we already got people claiming they just changed it and got hacked again so I'll wait a bit and see if I get attempt emails.
I don't keep my CC infos on my account anyway.

im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong

Click to shrink...

They give you unique emergency codes to store if you lose your phone.

 

[TeenageFBI]

im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong

Click to shrink...

I *think* Google has a way to recover your codes (unsure if you have to manually enable it beforehand) but I'd rather just use Authy which allows you to get codes on multiple devices.

 

[Garlador]

Yeah, I got an email last night, changed my password, and got another email this morning. Something is up.

 

[Martin]

im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong

Click to shrink...

Use authy, it is a much better app and you can also use it on your pc.
When setting up 2FA you always get backup codes. Keep them safe! They can safe your ass!

 

[808s & Villainy]

im reading up on 2FA and the google authentication app
apparently it stores data to the phone without backup? What happens if we lose access to our phone then? Are we locked out of the nintendo account as well?

Correct me if its wrong

Click to shrink...

They give you backup codes that you should save somewhere and use if you lose access to your authenticator

 

[TheBiInBilingual]

Where do you put on 2FA? On the Switch or Nintendo's website?

 

[Orb]

I would enable 2FA, but I don't want to use some Google app. Why can't we just use our phone number?

Click to shrink...

You don't actually have to use Google Authenticator, there are other apps that do the same thing. I recommend Authy.