As you know, there has been an increase in reports of Nintendo Account members getting hacked in the last few weeks.
The intensity of the attacks confused many people as they thought Nintendo encountered a security breach, since some of these users continued to get hacked even after changing their passwords.
Thanks to a survey by Pixelpar, it seems that Nintendo Network ID, the online service for Nintendo 3DS and Wii U users, could be the cause of the hack. Pixelpar’s survey showed that 92.7% of those who were hacked and used a unique password for their Nintendo Account linked their Nintendo Network ID to Nintendo Account:
Took a look at initial survey submissions. Based on data so far, the most likely explanation is Nintendo Network ID passwords being compromised.
— Pixelpar (@pixelpar) April 20, 2020
92.7% of compromised accounts, that used a unique password (not used elsewhere), had their NNID linked.
Just a hypothesis, not fact. pic.twitter.com/KSrjCt3wHR
So what could be happening is pretty simple – hackers are reusing stolen username and password combinations from other websites and services (not Nintendo) to brute force Nintendo Network ID. As many Nintendo players linked their Nintendo Network ID to Nintendo Account, this allows them access directly to Nintendo Account.
Readers should also keep in mind that Nintendo Network ID is also extremely hard to manage – unlike Nintendo Account, you have to access your Nintendo 3DS or Wii U to change your Nintendo Network ID password. We strongly recommend all readers to unlink their Nintendo Network ID from Nintendo Account as soon as possible, given that it is very likely, the vector of the ongoing attacks.