
Nintendo said a total of 300k accounts have been hacked - wslh
https://edition.cnn.com/2020/06/09/tech/nintendo-300000-accounts-hacked/index.html
======
MattSteelblade
Neither this article nor the previous one
([https://www.cnn.com/2020/04/24/tech/nintendo-accounts-hacked...](https://www.cnn.com/2020/04/24/tech/nintendo-accounts-hacked/index.html))
mentions how this breach took place, but I'm guessing it's
reasonable to assume that this was related to credential stuffing.

~~~
walls
This hit me, and my Nintendo account was using a unique KeePass-generated
password.

~~~
eswat
Did you have a Nintendo Network ID linked to your Nintendo account though? Was
that NNID password secure?

~~~
walls
That is quite possible, I do remember some linking at some point, will have to
check.

------
eswat
Source (Japanese)
[https://www.nintendo.co.jp/support/information/2020/0424.htm...](https://www.nintendo.co.jp/support/information/2020/0424.html)

------
eswat
SpyCloud did an interesting writeup on at least one credential stuffing tool
used months ago in this attack:
[https://spycloud.com/technical-analysis-nintendo-account-che...](https://spycloud.com/technical-analysis-nintendo-account-checking-crimeware/)

------
sk0g
Another month, another hack on Nintendo accounts... What is up with their
security?!

~~~
toyg
Not unlike Apple and Sony, when a hardware company starts making web-apps,
chances are it's not going to be very good.

~~~
shasheene
It's strange, because Nintendo has such good first-party game development
skills, develops entire operating systems for their internet-connected
consoles (including security architectures spanning hardware/software).

Even some of Nintendo's top brass have had strong software engineering skills:
in the late 1990s, during the development of Pokemon Gold & Silver, the team
was struggling so future Nintendo President Satoru Iwata developed and
implemented a compression algorithm.

The skills are certainly there.

~~~
eswat
Developing software that fulfills functional or gameplay requirements is
going to require a very different skillset compared to fulfilling security
requirements (user stories become abuser stories, and they aren't always easy
to wrap your head around).

Corporate Japan has also lagged behind western companies in this area. The
book Business Management and Cybersecurity by Shinichi Yokohama dives into
this.

------
bamboozled
Japan has slipped very far behind in so many areas, it's really quite sad.

~~~
mcphage
Massive account breaches aren't in any way a Japanese-only problem.

------
castratikron
And this is a service Nintendo charges for. How much of that is used to
prevent things like this? Or maybe they just budget for the occasional hack
happening so they can give people refunds?

~~~
fastest963
Actually this specific breach was with Nintendo Network ID which was an older
login system with the 3DS and you didn't have to pay for it.

