Just days after we wrote that hackers were trying to hack Nintendo accounts, the game company confirmed the attack. In a statement on its Japanese site, Nintendo says that about 1
According to the statement (which we view through the lens of Google Translate), the main problem stems from Nintendo accounts linked to Nintendo IDs and secured with reused passwords.
Actors often scrape username and password combinations from other companies' breaches and then try them out wherever they can to see where the password works differently. It's a practice called login fill that shows no signs of slowing down. If you use the same password for Nintendo as for Adobe and Kickstarter, you must stop.
In this case, linking your Nintendo Account (used for Switch) to your Nintendo ID (used for Wii U and 3DS) means you can use the Nintendo ID login to access the Nintendo Account. So even if you were diligent about changing your current Nintendo account password, an old reused Nintendo ID could be the weakness.
Nintendo went on to say that on access hackers would see your name, date of birth, country / region, and email address. In addition, hackers could use any balance you had through a registered credit card or PayPal to make their own purchases.
The company notifies affected customers and also resets passwords for those users. It also disables the ability to link a Nintendo Account to a Nintendo ID. The company suggests that you change your passwords and enable two-factor authentication. That's good advice, and we go one step further and recommend using a password manager to give each service you have an account with a different password.
Source: Nintendo via The Verge