Nintendo has confirmed that up to 160,000 Nintendo accounts were accessed in a massive data breach that exploited accounts without two-factor authentication enabled (To be clear, no data breach occurred at Nintendo These accounts were most likely compromised because the owners reused passwords from other accounts)

We previously reported that cybercriminals are targeting Nintendo accounts and users are receiving emails alerting them to new logins Because such accounts may contain personal and payment information, the cyberattacks are also a potential privacy breach

Nintendo issued a statement in Japanese, noting that hackers had been spoofing the Nintendo Network ID process since early April As a result, "unauthorized" logins were made to many Nintendo accounts

According to the company, the data that may have been accessed include the user's nickname, date of birth, gender, country/region, and email address So far, no payment details appear to have been accessed

In some cases, however, cybercriminals were able to make purchases through linked payment methods This has allowed some people to have up to £100 (approximately $123) worth of digital items charged to their accounts

It is important to note that the cybercriminals could not actually see the full payment details of the users However, Nintendo warns that users' financial information could be compromised if they use the same username and password for both their Nintendo and bank or PayPal accounts

Nintendo now advises Nintendo account holders to reset their passwords upon receiving an email notification from the company The company also recommends that users who have already logged in to their accounts re-login

Users should also avoid sharing their Nintendo Account password with other services, especially payment services such as PayPal

If your account has been compromised and someone has used your information to purchase a game, Nintendo encourages you to contact the company

The Big N will then conduct an "individual investigation" and cancel the purchase However, Nintendo states: "We will take action Please wait as we will proceed in due course"

Nintendo also apologized for the data breach and said it would "make further efforts" to strengthen security and prevent similar incidents from occurring in the future

One way to prevent further intrusions is to enable two-factor authentication (2FA) for your Nintendo account This means that during login, your phone will prompt you for an additional code, making the process more secure Click here to learn how to set up Nintendo 2FA