Update: Nintendo has sent out a separate statement in English, noting that “there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services.” This second statement can be read in full below.
Original: Nintendo has followed up on the situation regarding illegal access to Nintendo Accounts, confirming that about 160,000 accounts have been compromised.
In an official statement today, the company said that “login IDs and passwords have been obtained illegally by sources outside our service, to impersonate users to access Nintendo Network ID since the beginning of April.”
Starting today, users will be unable to log in to their Nintendo Accounts with a Nintendo Network IDs. Nintendo further says that “all passwords will be reset for Nintendo Network IDs and all other Nintendo Accounts that may have been illegally accessed.”
Here’s the full statement, courtesy of Sephazon:
Nintendo Japan statement
This message is regarding the reports of unauthorized Nintendo Account access, we would like to inform you on how to secure your Nintendo Account and reset your password and information. We thank you for your continued support of our products. Recently it has come to our attention that login IDs and passwords have been obtained illegally by sources outside our service, to impersonate users to access Nintendo Network ID since the beginning of April. We can confirm these actions have occurred. We can also confirm that there was illegal access to such accounts through the Nintendo Network ID system. Due to this, as of today, users cannot log into their Nintendo Account via Nintendo Network ID. Furthermore, all passwords will be reset for Nintendo Network IDs and all other Nintendo Accounts that may have been illegally accessed. Users will be notified by email to reset your Nintendo Network ID and Nintendo Account. Please avoid reusing the password that you have already used on other websites and services. If you have already logged into your Nintendo Account via your Nintendo Network ID, please log in using your registered Nintendo Account email or login ID. If you use the same password for your Nintendo Network ID and Nintendo Account, your account balance, registered credit card and/or PayPal may have been illegally used on My Nintendo Store or Nintendo eShop. Please set different passwords for your Nintendo Network ID and Nintendo Account. Furthermore, if your purchase history contains unauthorized purchases, please request to cancel that purchase. We will respond to such requests. Please understand that we will proceed in the order of cancellation requests we receive. Lastly, if you haven’t already, please set up two-step verification for your Nintendo Account for safety and security.
Nintendo UK / English statement
We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts. While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available. As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation. In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account. If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process. During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access. We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.