Update (Tue 21st Apr, 2020 12:30 BST): Nintendo has offered a statement to VGC, explaining that it is aware of the reports (original story below):
“We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation. In the meantime, we recommend that users enable two-step verification for their Nintendo Account as instructed here.
“If any users become aware of unauthorized activity, we encourage them to take the steps outlined at https://www.nintendo.co.uk/Support/Nintendo-Account/Nintendo-Account-Recovery-Process-1658054.html or visit https://support.nintendo.com for general support.”
Original Article (Mon 20th Apr, 2020 14:45 BST): Multiple Nintendo Switch users have taken to social media over the weekend to report unauthorised third-party logins on their Nintendo accounts. The reports have sparked concern over the security of Nintendo's user data handling, with some reporting that their payment details have been used to purchase digital items from Nintendo's eShop.
In one such report, Twitter user @Pixelpar says that their account "was accessed numerous times overnight" despite having a unique password. In another, @TerranSherwood says, "my Nintendo Account was hacked this morning and they made off with $100 for Fortnite". Similar stories can be found across the likes of Twitter and Resetera, with several stating that their accounts had been accessed from Russia and the US.
Nintendo has recently been running a social media campaign to promote 2-Step Verification - a security measure designed to fight against unauthorised account logins. The tweet below was published by Nintendo just over a week ago.
Just days before that tweet was posted, Nintendo also issued a warning to account holders in Japan, noting that the number of user inquiries relating to credit card fraud had been increasing. A similar, more transparent warning hasn't been issued to western players, so it's currently unclear whether or not Nintendo is aware of similar breaches worldwide.
For your own safety and account security, we'd recommend setting up 2-Step Verification yourself. You can do so by following the steps below.
How To Set Up 2-Step Verification On My Nintendo Switch Account
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings.
- Click Send email to have a verification code sent to the email address on file.
- If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device.
- This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
- A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
- You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK.
- Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.