There have been some recent reports of unauthorised account access on Nintendo Switch consoles, with some users heading online to voice concerns about account security. While Nintendo has not confirmed an official security breach, multiple users claim their accounts have recently been accessed by unknown third parties.
As Eurogamer reported, this potential security issue was brought to widespread attention by Twitter user, pixelpar who noted their account was accessed 47 times by an unauthorised party despite having a “unique” password.
I suspect Nintendo may have had a major security breach. My account was accessed numerous times overnight.
My password is a unique string and my PC is definitely clean (not that I ever login via it).
Lots of similar reports on Reddit/twitter.
Unlink PayPal & enable 2FA folks!
— Pixelpar (@pixelpar) April 19, 2020
At the time, the user did not have two factor authentication turned on.
In a response to the tweet, another user identified a recent Nintendo of America post from April 10 encouraging users to enable two-step verification as a sign trouble may be brewing — although it’s important to note that companies often encourage the use of 2FA regardless of potential breaches.
Other Twitter users have reported similar security breaches, including an incident where hackers spent around $100 in Fortnite using a player’s linked PayPal account.
This happened to me about a week ago. Here's a thread on the process I we t through trying to slove it. https://t.co/bBahO6Hqnd
— Terran Sherwood (@TerranSherwood) April 19, 2020
Another user also claimed their connected PayPal account being compromised and used to pay for Fortnite‘s V-Bucks.
So this happened to me a week or two ago (you can look in my post history I was livid) and someone literally emptied my entire bank account and bought v-bucks using my connected paypal account. It was devastating and only stopped because I happened to be awake when it happened.
— miku fan account (@natalie__draws) April 19, 2020
It’s currently unknown if these issues are connected, but it’s important to take your security seriously. To check if your account has been accessed by third parties, you can view your sign-in history here.
The best way to protect yourself is to install two-step verification on your Nintendo Online account.
How to enabled two-step verification on Nintendo Online
- Visit your Nintendo account
- Log in and navigate to ‘Sign-in and Security Settings’
- Verify your account via email
- Download Google Authenticator on your smart phone
- Follow the prompted steps to set up 2FA
Alternatively, you may choose to unlink your PayPal or credit card information from your account. While it does add an extra layer of inconvenience to your Nintendo purchases, it will keep your account safe.
Kotaku Australia has reached out to Nintendo to confirm these reports and we’ll update this post should we hear back.
Update 1:52PM 22/4: Nintendo provided the following comment to Kotaku Australia via email.
“We are aware of reports of unauthorized access to some Nintendo Accounts and we are investigating the situation. In the meantime, we recommend that users enable two-step verification for their Nintendo Account.”