At the end of last April, Nintendo confirmed that it had been the victim of an attack and that at least 160,000 users had been affected, but now it has been announced that the company was not accurate with this figure, since it added at least 140,000 affected users, increasing the figure to 300,000 affected.
In an update to its support website for Japan, Nintendo said that it had reset the Nintendo Network ID (NNID) and Nintendo Account passwords for these users, in addition to contacting them. It also indicated that it carried out refunds for most customers whose account was used to make unauthorized payments and, according to Nintendo, 300,000 people were less than one percent of all NNID users.
In April, the company had already come under fire, responding too late to a growing wave of user complaints that someone had accessed their accounts. The company admitted on April 24 that there was a security problem and disabled account access using the NNID as the login method, which is still disabled today .
During the leak, the attackers had access to a lot of users’ private information: first and last name, date of birth, postal address and the email used to register the account. While credit or debit card data could not be accessed, it could be used to make payments (in addition to linked Paypal accounts), leading to a wave of purchases from V Bucks, the virtual currency of Fortnite.