Private data including users’ nickname, email, date of birth, gender and country/region could have been made available to third parties.
Credit card data was not compromised.
Along with other sign-in options, Nintendo Account can be accessed using a Nintendo Network ID (NNID) username and password. Up to 160,000 NNIDs were obtained illegally and used by third parties to access accounts and make unauthorised purchases.
As reported by Eurogamer, “some account users reported their accounts had been used to buy digital items, such as bundles of Fortnite VBucks worth up to £100, via linked PayPal accounts.”
In response to this, Nintendo has disabled the NNID log-in option, with NNID passwords being reset.
Nintendo has launched its internal investigation into the issue. In the meantime, the company suggests users should use two-step verification for their Nintendo Accounts.