Update (Tue 21st Apr, 2020 12:30 BST): Nintendo has offered a statement to VGC, explaining that it is aware of the reports (original story below):
“We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation. In the meantime, we recommend that users enable two-step verification for their Nintendo Account as instructed here.
“If any users become aware of unauthorized activity, we encourage them to take the steps outlined at https://www.nintendo.co.uk/Support/Nintendo-Account/Nintendo-Account-Recovery-Process-1658054.html or visit https://support.nintendo.com for general support.”
Original Article (Mon 20th Apr, 2020 14:45 BST): Multiple Nintendo Switch users have taken to social media over the weekend to report unauthorised third-party logins on their Nintendo accounts. The reports have sparked concern over the security of Nintendo's user data handling, with some reporting that their payment details have been used to purchase digital items from Nintendo's eShop.
In one such report, Twitter user @Pixelpar says that their account "was accessed numerous times overnight" despite having a unique password. In another, @TerranSherwood says, "my Nintendo Account was hacked this morning and they made off with $100 for Fortnite". Similar stories can be found across the likes of Twitter and Resetera, with several stating that their accounts had been accessed from Russia and the US.
Nintendo has recently been running a social media campaign to promote 2-Step Verification - a security measure designed to fight against unauthorised account logins. The tweet below was published by Nintendo just over a week ago.
Just days before that tweet was posted, Nintendo also issued a warning to account holders in Japan, noting that the number of user inquiries relating to credit card fraud had been increasing. A similar, more transparent warning hasn't been issued to western players, so it's currently unclear whether or not Nintendo is aware of similar breaches worldwide.
For your own safety and account security, we'd recommend setting up 2-Step Verification yourself. You can do so by following the steps below.
How To Set Up 2-Step Verification On My Nintendo Switch Account
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings.
- Click Send email to have a verification code sent to the email address on file.
  - If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device.
  - This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
  - A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
  - You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK.
- Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.
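What the QR-code, 6-digit-code and backup-code steps above do, as an added example (not Nintendo's or Google's code): Google Authenticator implements the TOTP standard (RFC 6238), so any app that implements it derives the same code from the secret carried in the QR code. The enrolment URI, issuer, account label and backup-code handling below are constructed for illustration, and the common defaults (HMAC-SHA1, 6 digits, 30-second step) are assumed because the page does not give Nintendo's parameters.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the RFC 6238 test secret, base32-encoded the way an
# enrolment QR code carries it. Issuer and account label are made up.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
SAMPLE_URI = (
    "otpauth://totp/ExampleService:player%40example.com"
    f"?secret={SAMPLE_SECRET_B32}&issuer=ExampleService"
)


def parse_otpauth(uri):
    """Extract the parameters an authenticator app reads from the QR code."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    query = parse_qs(parts.query)
    secret_b32 = query["secret"][0].upper()
    secret_b32 += "=" * (-len(secret_b32) % 8)  # QR payloads often drop padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": base64.b32decode(secret_b32),
        "digits": int(query.get("digits", ["6"])[0]),   # assumed default
        "period": int(query.get("period", ["30"])[0]),  # assumed default
    }


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238: HOTP keyed on the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // period, digits)


def verify_totp(secret, submitted, unix_time, digits=6, period=30, drift=1):
    """Server side: accept the current time step plus/minus `drift` steps."""
    step = int(unix_time) // period
    ok = False
    for delta in range(-drift, drift + 1):
        if step + delta < 0:
            continue
        candidate = hotp(secret, step + delta, digits)
        # Constant-time comparison so timing does not reveal partial matches.
        ok |= hmac.compare_digest(candidate.encode(), submitted.encode())
    return ok


class BackupCodes:
    """One-time recovery codes: keep only hashes, burn each code on use."""

    def __init__(self, codes):
        self._hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}

    def redeem(self, code):
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self._hashes:
            self._hashes.remove(digest)  # a second use of the same code fails
            return True
        return False


if __name__ == "__main__":
    params = parse_otpauth(SAMPLE_URI)
    now = time.time()
    code = totp(params["secret"], now, params["digits"], params["period"])
    print(params["label"], "current code:", code)
    print("server accepts it:", verify_totp(params["secret"], code, now))
```

The secret is handed over only once, at enrolment, so an app that is wiped or reinstalled cannot regenerate it; the backup codes are the fallback for that case.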
If it were just a case of "we'll text you a code" I'd go through with it, but this does seem like more than I'm willing to deal with when I want to pop in to a Nintendo log in real quick. I'll meet them half way, and update my password.
Edit: Okay, okay, I did the thing. It's a one time deal, and I didn't end up having to go through Google, so it's fine.
"Install the Google Authenticator app on your smart device."
Sad you need another app for this, I use 2fa in a lot of places and often SMS or the app of the service itself (like Steam or Battlenet) are enough.
Having options would be nice.
2FA needs to become a requirement for all services. They (Nintendo and everyone else) also need to work to make it as secure as possible.
I don't want to have ANYTHING google on my smartphone.
But yes, I get login attempts at least once a day.
Sucks. Digital age. Yay.
This does seem pretty cumbersome. Why can't there be a password attached to a question when trying to purchase something from the eshop? Would seem much simpler.
One year ago my account was hacked. I immediately contacted support. After bouncing emails back and forth for two months, and providing them my username, date of birth, email address, first ever purchase on my account, last five purchases (date, price, title, last digits of credit card), console serial number they deemed it not enough, as I couldn't provide the receipt of purchasing the console (which I had done two years prior, by cash). I lost 20+ digital games, linked 4 year old Warframe account, multiple saves. I will never get back from that.
My point is, be careful with your logins, use 2 step authorisation and DO NOT link your Nintendo Account to any other site. Customer Support won't help you.
This actually happened to me twice last week, and I was using Chrome's "generate password" feature. I changed my password and it happened again, so something's going on. I set up 2 factor a couple of days ago.
And does this change somehow the way I can purchase something through the eshop? Is it going to send me a code each time through that google app?
@GTBen I unlinked my social media.
Thanks for the heads-up!
@Scollurio @Rayquaza2510 you don't need to use the google app. use "authy" instead, it uses the same open standard
@Desrever use it. it only takes a few seconds and is only required once for nintendo logins
@luxoricious only the first time
Google authenticator app has a lot of issues apparently, if you lose your phone/smart device, or it dies suddenly, you're done. No recovery options. Nintendo should have just made its own 2 step option, or have a save state for accounts, that way you're able to get your account back to what you had. Maybe even a Skype option for identification purposes. It's not hard to come up with security options and I'm sure people who invested into Nintendo wouldn't mind using these options to get their accounts back.
@Rayquaza2510 SMS is not secure. Steam uses its own built in authenticator as does battlenet. Nintendo just doesn't have its own which is why it uses google. Google auth can be used by other companies as well (reddit, ubisoft, facebook, etc).
There are recovery options. Backup codes.
@Fido007 Not true. When you set it up you generate a set of recovery codes. You save those someplace secure. If you lose your phone or it dies you use a recovery code to authenticate then setup your new device.
@Fido007 use authy
A little bit of a hassle, but nowhere near as much as a hassle as having my account hacked would be. Set it up for all four of my Nintendo Accounts.
@Chandelure-BW This was the reason I moved from google to Authy back in November when I got a new phone. None of my logins transferred over so I had to manually transfer them all over to Authy but worth it to have the cloud backup for later.
@Bustacap Well, dang. Since you took the time to call me out on it, then I suppose I will.
"In case you lose your phone"
Ah geez. I was already contemplating getting a new phone and I use Google Authenticator at work, too. This tips the scale on that decision.
If you're giving out your NIN account to others then expect the problem. Just make it random eight character or more of words and numbers and that will stop them. How come people still use 1234 and I'm a GOD...just plain stupid and should get hacked.
Many people have many accounts over the net (I have over 70 on various sites), each wants 2 step, each wants to give you a set of recovery codes; this is ludicrous. These sites need to secure their sites/services better and stop dumping the responsibility on the site user. This is the same thinking that's gotten us into paying more for games that are no longer fully contained on their SD cards. 'Feed it to them piecemeal and they'll swallow it.' Wake up, people.
What if there is no card info linked with the account? How can a purchase be done without??
@SenseiDje Using someone else's card, I'd assume. Timmy Doe's MyNintendo account could have transactions on it from a seemingly unrelated or fraudulent Jane Smith's card, but that's Timmy's mother. So it doesn't cross-check the account name to the card name nor require you to save that card's info to Nintendo's site.
You DON'T NEED Google Authenticator. Authy, Aegis, Microsoft Authenticator, password managers like Enpass, Myki and all the others would do.
Use whatever you like. I recommend Aegis, which is open-source.
@SyFyTy if the password is the problem, there’s nothing the sites can do about it. Using 2fa is an important solution. I use 1password and it deals with all of this. Other free options are available.
@msimsek Thanks. I wasn't about to do this with anything related to Google. And if I don't have Nintendo store my CC info, can a nefarious purchase still be made through my account?
Make sure you keep your backup codes or use Authy instead of Google Authenticator. If you buy a new phone, factory reset your old one, or just uninstall the app for any reason, your codes will be lost forever. Reinstalling the app does not leave your codes intact. You will be locked out of your Nintendo account.
@NintendoByNature because the answer to your question would be stored in the same database as your password. The same database that was hacked...
This issue wouldn’t affect me as I don’t play online and all my games are physical so I never bothered creating an account,
The only places I have an account is on my mobile and tablet device and even then my password is long and can only be accessed on those devices.
@Desrever @Rayquaza2510 Just a heads up. Many companies have stopped doing sms 2 step, because it is not secure. Some phone companies have even blocked automated 2 step texts from being sent on their systems. It is super easy for hackers to intercept text messages coming to your line. (Also think about this outside of 2 step... They can intercept messages to your loved ones very easily)
The process sounds like a chore.
Why do they use that stupid app?
Would be much better if you got a text message with a code.
Happened to my wife's Switch account yesterday. She activated 2-step immediately. My account has been 2FA for almost a year now after my PlayStation account was hacked and I nearly lost the account.
I'm a bit confused. Exactly where was the vulnerability? What got exploited? Was it Nintendo? Was it Facebook? Something unrelated?
@NotoriousWhiz It’s not possible to tell from the article. I’m guessing phishing scams / social engineering. People putting details into dodgy websites offering free ACNH bells...
@TheLightSpirit exactly what I was going to say...
Don’t save your card details to any service like this as if your account’s hacked then nothing can be bought.
@biglittlejake is a typical Nintendo-style solution...
So, stupid question... how do we know if there's been unauthorized access? Like, is an email sent out or what?
I wish they would explain how the thefts occurred. I expect that money was stolen from users who had their credit card data stored in their Nintendo e-shop account. I don't keep my credit card number saved. In other words, I have to type in my credit card number every time I want to add money to my e-shop account. And when I add money to my account, I spend it all immediately. I think I'll be safe as long as I do that.
Finally someone asked this logical question. I wish I knew the answer to your question. I've never been careless enough to leave my credit card info in an internet account for hackers to find. I'm assuming the people who are getting hacked are the ones who leave their credit card number saved in their account because they're too lazy to type it in every time they want to buy games.
When you say "remove all payment info", what do you mean? I've never saved my credit card info in my e-shop account. I have to type my credit card number in every time I want to buy games. Am I safe?
@TheLightSpirit exactly and isn’t it funny how companies that let you store bank card details never give removing the details as a method of protection!
Hey guys ... The hack involved the Nintendo Network ID (wii u and 3ds accounts) so if you have a Nintendo Network ID connected to your Nintendo account then you need to remove the link under "Linked Accounts". It does not matter if you change your Nintendo Account password as they are getting in via nintendo.net credentials linked to your Nintendo Account.
Basically what you want to see after logging into your Nintendo Account is "Nintendo Network ID ... Not linked". This will fix them getting into your account.
@Alpha-2002 There's actually a section in your user settings on your Nintendo account that will tell you when and where logins have happened. Some on Twitter posted screenshots of login notifications from all over the world.
@MrMichaelJames but I don't want another app, that's more the point because I am kind of sick of everything needing an app.
Don't get me wrong but the store I shop at needs an app for sales, my bank needs an app, certain government stuff requires an app, and so on and on and on, I have 14 extra apps on my phone only because everything needs their own goddamn app (sorry for my language)
@Tim_Vreeland then give me email as an option, I really don't want more apps (send a code to insert on their site just like uplay and humble bundle do)
I just discovered it works with the Microsoft app which I used for my mail, in that case I don't need any extra app.
Still Nintendo having options would be nice.
I've activated 2FA on my account about a month ago. And deleted my payment method as well. So I hope I'm okay.
One thing I would like to know is how is it possible for anyone to make out with anything, purchasing something on your Nintendo Account? I mean, if someone hacks my account and buys 2 Pokémon expansion passes, wouldn't those purchases be tied to my Nintendo account (not being able to be accessed on another) and download to my Switch or am I missing something in how or what the hackers are actually doing?
Thanks a lot for that! This entire thread would be a waste of time if it weren't for your posts. People, have the common sense not to save your credit card number on a freaking videogame buying site!
Weirdly I just set this up and discovered I already have a Nintendo 2FA in my Authenticator app. I’ve not been asked for 2FA when logging in with Nintendo recently so it seems like it somehow got deactivated and I didn’t notice.
Works with Microsoft Authenticator as well.
@Asciidan Yeah I enabled 2 step with Microsoft authenticator (already use it for Xbox) when this sort of thing first got reported on.
I set up 2FA a long time ago, but I went ahead and unlinked both my Twitter account (which I only occasionally use for posting screenshots from games) and my Nintendo Network ID (which is what @ericisright is referring to, and since I don't use my 3DS and Wii U much I really don't need them linked).
Also a good step some of you might want to take in the event your Switch ever gets stolen, enable the parental controls and set up a PIN (I'm using an 8 digit PIN which is the max number of digits allowed). You can set it up so that nobody can play any games or mess with any save data unless they have that PIN. Granted you probably won't be getting the system back, but at least the thief can't use it or likely even sell it in that state.
I've been using Google authenticator, but it looks like a lot of people here are unhappy with that. Any particular reason? Is it less secure than other 2FA apps?
I never, ever store my payment data though.
I was wondering this. I mean, they ARE getting info from some place. It's not like they magically come up with your account and just like that break in. They get bits of info from somewhere.
I don't have credit card stored, I have not linked my account to social media, I keep my pc clean and I do not clicketyclick any suspicious links and keep my pw updated.
I am not very confident using authenticators because if something happens with my phone... then it's all gone. Even I have sold my soul to Google already by having Android.
They'd probably change pw and the email so there is no way you get back in. Your Switch would just complain bad pw.
@Alpha-2002 I just logged into my nintendo account on nintendo's website. In "sign-in and privacy" or it's "sign-in and security", there is a sign in history. And when you log in, a notification is sent to your email. If you never log into your nintendo account on their website, then you don't see notifications. So, I'm guessing the people with unauthorized logins saw the email notifications with fishy time, country, browser citation.
I have one hotmail account and I get attacks frequently. Very annoying. I had to change like 100th my password. While other accounts I don't have such attacks
@Fido007 "Google authenticator app has a lot of issues apparently, if you lose your phone/smart device, or it dies suddenly, you're done. No recovery options."
Not true. Google generates a list of 10 one-time-use backup codes that you can use to access your account if for some reason you don't have your phone or tablet with you. These codes are available for any site that uses Google for 2-factor authentication. Just be sure to write the codes down and keep them in a safe place. I personally use KeePassXC with the file backed up in multiple locations to generate uncrackable passwords and manage things like backup codes and answers to security questions.
Some people are just stupid paranoid, and do not want to use Google for anything.
Somehow they mistake privacy concerns with security concerns. But there is absolutely no problem using the Google authenticator.
Google has one of the best track records when it comes to security. So you are fine.
You can use Microsoft Authenticator or something else. It's also good. It comes down to what ecosystem you normally use.
In the end, it doesn't really matter what you use. Just use 2FA.
Personally I think there's something serious going on, it's not just sloppy users. This happened to me 3 times in the past week. First on 4/12 I get an email notification that there is a login from Indonesia. I immediately change my password (within 10 minutes) using Chrome strong password generation on use "sign out accounts" on the Nintendo website. A few days later on the 16th, I get another email, this time a login from Brazil, I take the same steps. Finally 2 days later on the 18th I get another login, this time from the United States. I turn on 2-factor finally. This was all done from my phone.
This isn't a case of people being sloppy with their passwords or using the same one on different sites, there's something else going on here.
@Rayquaza2510 SMS is not a very secure way to do 2FA. It is easily exploited through SIM-card swap hacks, where your phone provider is tricked into transferring control of the phone number to the hacker's controlled cell phone.
@SyFyTy "...this is ludicrous. These sites need to secure their sites/services better and stop dumping the responsibility on the site user."
That's like saying, "Why should I have to carry this set of keys just to secure my belongings? Locksmiths should make better locks and stop dumping the responsibility on me!"
Tell me, what measures would you employ that security conscious website designers aren't already using? And remember, whatever alternatives you have in mind must be at least as secure as strong passwords and two-factor authentication.
@Bustacap Thanks for the info!
In case it hasn’t been said (also I’d add it to the article) but other authentication apps work such as Microsoft Authenticator which is what I personally use due to its ability to have cloud backups in case your device goes kaput (unlike Google Authenticator).
@51mmz0rz I had to change my password 6 times in the past 7 days. It's getting a bit out of hand.
My Nintendo account got hacked a couple weeks ago, they used my Paypal to buy $300 dollars worth of Fortnites V Bucks. Nintendo was very understanding and I got a full refund. Couple days later the 2 step verification appeared. Before I wouldn't have even considered it, but after that experience, I wouldn't go without it.
I've changed my password and set up two-step verification. Thanks for the heads up.
@Rayquaza2510 SMS is IN NO WAY secure though. For 2FA it's best to use an authenticator app (like Google Authenticator, but there are others as well) or a smart key (YubiKey or similar)
Also if you need an authenticator app but don't want to use the Google authenticator. You can use Microsoft Authenticator, YubiKey authenticator (uses the YubiKey device to unlock, but works just like a normal authenticator) or one of the many others.
My mate got the log in attempts over the weekend, so he’s currently trying an experiment where he’s changed his email (newly created, not used on anything else) & a new password + 2FA to see if it happens again.
If it does then it’s Playstation 2011 all over again.
@Desrever Are people really so lazy to install an Authenticator (Google, Microsoft, Authy) that they are still willing to leave themselves vulnerable like this?
Why am I paying for Nintendo Switch Online when Nintendo cannot secure user info?
An ounce of prevention is better than a pound of pain.
I'm surprised people aren't doing this already. Use authy, it takes seconds to setup. But hey if you're comfortable with a single password being between your account and credit card/paypal then all power to you, good luck.
This isn't a Nintendo issue, this is a global issue. I've had hackers try to break in to my PayPal, Apple ID, Bank accounts, emails and even my stock account. They all had my info but two factor authorization stopped them cold. It has saved me tens of thousands of dollars, literally. For god's sake, in the US, the folks that keep track of your credit report were hacked and I don't have any direct business with them at all. Who you choose to do business with means little, crooks will be crooks and even the most secure business can be hacked. It's how we choose to protect ourselves that makes the difference and this is a must.
Epic games constantly sends me emails every Monday saying someone tried to access my account but they blocked it.
You are probably right. I am reading reports of online hacking to other online services. However, I still stand by my comment. Nintendo and other online services need to step up and assure customers that they are doing what they can to secure user information. Nintendo did not make such a comment.
@MortalKombat2007 You do realize that the Sony PlayStation brand was hacked a few years ago and that hack was worse than this one. Millions of users got hacked and sony had to come out and make a big statement about it. So this is not just a Nintendo thing this is a worldwide problem with online accounts stretching across the board. I really hate it when people try to blame Nintendo for everything under the sun just because they're rooting for the competition. Also one of the best apps that you can use to protect yourself is Authy.
@Arckadius the 2fa has been available a lot longer
Yeah, it’s as if they got hacked, but are keeping it quiet. I agree, they all need to be better with this though. I can’t believe how often it’s happened to me. What a hassle.
@Drache_Kaiser unauthorized or not it is an attempt to log in not an actual login. For an actual login just buy eShop cards never give your info. Also if you do just delete it after every purchase. They would have to hack Nintendo itself at that point to get any of your financial information.
@Amin_Parker Sony still gets hacked all the time.
Thought it was just me. Good thing I changed my password and added 2-step verification
It sounds like they're just using Google Authenticator as an excuse not to update their system.
I am aware Sony got hacked in 2011 and they did a poor job communicating with customers about it all. They waited too long to address the compromised information which resulted in lawsuits. In addition, the compromised info was reported not encrypted aside from credit cards. Also, I never said I was rooting entirely for the competition. I am a fan of Sony and Nintendo, otherwise I would not have an account on Nintendo Life, or own several Sony and Nintendo products. I am just saying Nintendo needs to do is let customers know they are working behind the scenes to improve their security as well recommending security measure which the latter was the least they done. I get it, hackers happen and no online security is absolute but I am criticizing Nintendo for not looking into improving their security.
I had this turned on at one point, but had to turn it off because it stopped accepting the codes. I was never able to turn it back on, but finally got it working again yesterday.
I had two unknown logins on my account, but no purchases.
@Desrever SMS is not a secure form of 2FA unfortunately.
Put this way again Stupid password shows one's own Stupidity and Hacker/Cracker/Botnet/Malware will be your next partners in life.
2FA works if you don't forget or lose that information. And if on phone if you lose that forget any help getting that back. Random words and numbers 8 characters or more will stop any hacker unless it's a SuperComputer. They go for the lowest denominator and we all know whom those are. CEO......and those companies fail to do their job are also part of the problem more concern with profits and bottom end rather than securing the data. Just take Equifax they made sure to cash their STOCKS rather than fix the problem which was told to them months and months to update the security fix but guess what they could give a *****))() as long as they were able to cash their STOCKS.
@Scollurio and anyone else talking about multiple logins even after changing, are you making sure to click to log out all other devices in your settings?
If someone is logged in already changing your password and activating 2FA won't do a thing alone. They're already logged in so it won't ask them for the new password or 2FA. You have to forcibly log them out.
@Sigils Thank you for the advice, as far as I know, I should be logged out, yes!
@Mountain_Man thanks, I seen the reviews on the app, made me think twice about downloading/using it. I may look into that KeePassXC, see if I can use it.
Also this is because of fake email that people are clicking to reset their accounts and permitting hacker to know everything this is why as well.
Nintendo likely got hacked.
I might have misunderstood but.... I deliberately don't save my PayPal or credit card to my account because of this. I just enter it into the e shop each time. Does that mean I shouldn't be impacted or are there other things they could do with my login?
@Rainbowjames I do the same.
As far as I’m aware it would just mean nothing could be spent if your account is hacked. The hacker would have access but nothing to do within the account so my guess is would move onto the next culprit.
Interesting how Nintendo don’t recommend to not save card details to our accounts to stop us losing money!
@datamonkey because 2fa is a lot more convenient than entering your cc or paypal info each time you buy something
I've removed my payment info from my account. If 2FA was an SMS message then I would have enabled it, but I don't want to install another app to my phone.
@crimsontadpoles do it and activate it for more services, not just nintendo. its a general use app
Rule #1: Never ever store your credit card info in your console.
If you don't trust Google, you can use the Microsoft Authenticator app (or any others you may find) to enable 2-Factor-Authentication. Works just like the Google one as far as I can tell, but less intrusive.
I've got 3 accounts. All now 2-step. Hardly takes any time at all. Save a copy of the backup codes somewhere. Job done. No fuss.
Hate to say this but I'd bet it's no coincidence that the timing correlates with the time since Animal Crossing: New Horizons launched (although in fairness an article yesterday stated that cybercrime in general has gone up roughly 400% during the coronavirus lockdown period). With the huge amount of players trying to find others online since then in order to get non-native fruit or purchase rare items in-game, it's not hard to imagine some individuals using that activity to use such information for malicious and/or criminal activity. After all, "Friend Code" or no, if they have your username they have half the equation (they need only your password after that) to access everything in your account, and if people are able to "data-mine" this game to the degree it has been already, then I'd highly suspect it's little trouble for criminals to do the same with its online components, including user information. It's the same principle behind how so many folks get their Facebook accounts hacked; once these people are inside, they can wreak havoc in a lot of very unpleasant and costly ways.
I already activated the two-step verification on my own account (which frankly I don't like doing as, if you forget or lose the combinations you receive, you'll be locked out of your own account and potentially lose everything). My own reservations about ACNH's online multiplayer involved people possibly sabotaging or destroying your island; while I've been fortunate enough thus far that hasn't happened, this bit of information is making me more than a little apprehensive about continuing to use the game's online aspects, let alone accept new friend requests.
There we go..that's how it's done. Now I can rest easy knowing Nintendo is doing something my online money.
I'm not too worried since I have no financial data tied to my account and only use eshop cards. This is why I don't shop online nor any banking apps.
@Bustacap I’d rather not take the risk. It takes me 5 seconds to add my details using the touch screen...
Yeah I had this happen a few weeks ago, luckily they emailed me to say there was a new log in and I knew it wasn't me immediately because it was a USA location. So I changed my password and put on two step. I haven't had any issues since fortunately. I have just bought my wife a switch but I am hoping hers will be okay as I've only used Eshop cards with that.
People complaining about what amounts to a security token to protect their account is hilarious.
All those 2FA and saving your info to your account does little when you click on phishing emails to reset your account and entered your info rather than going to the Actual Site and checking your account. Only then will this scam stop - people never seem to stop clicking on emails that they have no idea why a login/password reset was sent to them in the First place. If people just stop and Think did I request or ask for this if so why not just Login to the site and find out.
1. Ask yourself did you ask for reset???
2. Login to the legit site URL and see for yourself
3. Check your email aka From to see the actual Verified URL is correct-this is Obvious but people never look there.
4. Mark it as Phishing and report that to your email company to get it investigated.
5. Delete Unknown emails of Login/Password Resets aka Go to Step 2.
How hard is it for people but I guess they are still clicking and entering and not asking Smart questions whom is the smarter one here not the idiot that clicked on the FAKE reset.
I just gave up on the two-step authentication. It uses Google Authenticator, which isn’t exactly a convenient, future-proof way to do such things. It’s tied to a single device and the backup codes are limited.
@FredsBodyDouble 2FA is more secure yes, but still not unhackable.
A good friend of mine sent me this screenshot, his account was hacked just days ago for $214.48 in Fortnite v-bucks. So this is a fairly widespread issue. There are two solutions here. Enable two factor authentication on your account as Nintendo suggests. Or optionally, don't save a credit card or PayPal account to your profile and re-enter each time.
I also think Nintendo and Epic should trace whichever account ends up using these v-buck purchases and permanently ban that account.
@Incarna It's not Nintendo's app. There are also alternative apps that also work on PC, like Authy.
@lordzand the complaining is quite frankly mind boggling
@rushiosan Use Authy, it uses the same open standard, allows multiple devices and backups.
@Chandelure-BW Thank you for mentioning that there are other 2FA options. Would be even better if I could link my phone for 2FA through SMS, but oh well.
@SwitchForce I've worked in IT for several years, and I can confirm that this is the best advice you can give to someone. Everyone wants the magic password/software/anti-virus/security suite that lets them set and forget so they never have to be careful again, but we have to constantly remind people that real life doesn't work that way: the biggest security flaw IS THE USER. If you get an unsolicited email to login to your account or reset your PW, then don't use it. Type the URL or use your bookmark and go to the site yourself.
This is being used for Fortnite bs, as shown in @Nico07 screenshot, I remember a similar wave hitting years ago with Xbox accounts and that year's FIFA game, also resetting my Nintendo account password did nothing, was still getting random sign ins with a unique password, resetting my Nintendo Network ID password seems to have fixed it for me, if you have a NNID tied to your Nintendo account change that password, you'll have to do that on your Wii U or 3DS
I got an email from Spotify the other day saying my account had been accessed from somewhere else with a link to restore my account by resetting my password. It was totally fake, and if I had used the link to change my password, I obviously would have had more problems.
Could these Nintendo account issues be related to a similar phishing scam?
No, I know for a fact I didn't get phished and got like 10 sign in notifications in one day, I have like $5 on my account (they didn't spend it) but no card and no PayPal, as I said changing my Nintendo account password did nothing to stop this but changing my Nintendo Network ID password via my 3DS stopped it (the accounts are linked, I can login w my NNID) so I think they need to look into that.
@burninmylight obviously it's not working. I also for a time worked in the IT industry and didn't have to know working there to know that from the start. They should ask would you Keep their house UNLOCKED and put a sign outside saying all are Welcomed. They should ask themselves that-and you would know their reply. But for some inexplicable reason they think they are immune or anonymous which is total fabrication by the CEO industry whom can already track you. Once you go Online you can be tracked VPN or not because of the site you visit or have a registration on shows your activity regardless.
2FA is a ridiculous joke of a "security" measure that makes it harder for legit users to access the myriad of hundreds of services than it does for the thieves to just access the darned back doors and access the information anyway. The entire lunacy of recommending 2FA needs to be eliminated, not encouraged. ACTUAL security is required. Not absurdly binding every single item you use to require some other device to manually verify something every time you go to access something. END 2FA!
Also, people saying to not store payment information, anyone signed up for a family account for NSO is required to have payment on file for auto renew, unfortunately.