160 mil contas foram acedidas por terceiros. A Nintendo inicialmente deu a conhecer que teriam sido obtidas por um hack, mas corrigiu depois a situação alegando uma fuga de informação pode outros métodos.
A Nintendo enviou uma mensagem que dava conhecimento a relatos de acessos não autorizados a contas na sua rede, realizados por terceiros, e que ocorrem deste Abril, usando os Nintendo Network ID, e.
Eis a mensagem da Nintendo:
This message is regarding the reports of unauthorized Nintendo Account access, we would like to inform you on how to secure your Nintendo Account and reset your password and information. We thank you for your continued support of our products.
Recently it has come to our attention that login IDs and passwords have been obtained illegally by sources outside our service, to impersonate users to access Nintendo Network ID since the beginning of April. We can confirm these actions have occurred. We can also confirm that there was illegal access to such accounts through the Nintendo Network ID system.
Due to this, as of today, users cannot log into their Nintendo Account via Nintendo Network ID. Furthermore, all passwords will be reset for Nintendo Network IDs and all other Nintendo Accounts that may have been illegally accessed.
Users will be notified by email to reset your Nintendo Network ID and Nintendo Account. Please avoid reusing the password that you have already used on other websites and services. If you have already logged into your Nintendo Account via your Nintendo Network ID, please log in using your registered Nintendo Account email or login ID.
If you use the same password for your Nintendo Network ID and Nintendo Account, your account balance, registered credit card and/or PayPal may have been illegally used on My Nintendo Store or Nintendo eShop. Please set different passwords for your Nintendo Network ID and Nintendo Account. Furthermore, if your purchase history contains unauthorized purchases, please request to cancel that purchase. We will respond to such requests. Please understand that we will proceed in the order of cancellation requests we receive.
Lastly, if you haven’t already, please set up two-step verification for your Nintendo Account for safety and security.
Posteriormente a Nintendo lançou um segundo comunicado, com mais actualizações!
Segundo o mesmo as contas não se deveram a nenhum acesso às suas bases de dados, servidores ou serviços, tendo por isso sido desabilitados os acessos usando o login pelo Nintendo Network ID, e recomendando-se o reset de passwords.
A Nintendo não revela nada do modo usado para se obter o acesso, pois está a investigar e entende que a sua revelação poderia comprometer a mesma.
Eis o segundo comunicado:
We would like to provide an update on the recent incidents of unauthorised access to some Nintendo Accounts.
While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services. As one action in our ongoing investigation, we are discontinuing the ability to use a Nintendo Network ID to sign in to a Nintendo Account. All other options to sign-in to a Nintendo Account remain available.
As a further precaution, we will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorisation.
In addition, we also continue to strongly encourage users to enable two-step verification for their Nintendo Account as instructed here: How to set-up two-step verification for a Nintendo Account.
If any users become aware of unauthorised activity, we encourage them to take the steps outlined in the article about the Nintendo Account recovery process.
During the investigation, in order to deter further attempts of unauthorised sign-ins, we will not reveal more information about the methods employed to gain unauthorised access.
We apologise for the inconvenience and concerns caused to our customers, and we will continue working hard to safeguard the security of our users’ data.
A Nintendo deu entretanto a conhecer que 160 mil contas tinham sido comprometidas e descansando os utilizadores no que toca a eventuais compras não autorizadas realizadas durante os acessos.
No meio de tudo isto, fica a questão: Se os dados não foram obtidos por hack a bases de dados, como foram obtidos? Esta é uma situação que a Nintendo terá de explicar!