Tweet
Over the past several days, more and more reports have been made that seem to indicate that there might be a problem with Nintendo account security. Reddit and Twitter users have said that they have started to notice an increasing number of account login attempts that aren't originating from the actual account owners.
One particular case is from Twitter user @pixelpar, who runs the Nintendo fan site lootpots.com. Pixelpar says that their account was "accessed numerous times overnight."
How many times is "numerous?" According to a follow-up Tweet, pixelpar says that he received 47 emails overnight, one for each login attempt. They go on to say say that they did not have 2FA enabled, but wasn't too concerned as they did not have any payment methods tied to their account.
That, by the way, is not a great mindset to have and you should always enable 2FA on all of your accounts when it is possible. Even if you do not have any payment methods tied to your system, there are many times where digital licenses are tied to your account. If you lose access to your account then it is very probable that you could also lose access to the content you purchased. Just don't even take that risk. Enable 2FA and you'll be better protected.
Nintendo set up an easy to follow guide on how to enable 2FA on your Nintendo Account. I would suggest that maybe instead of using Google Authenticator as they suggest, you instead use Authy. I only say this because Authy has a way to sync up your 2FA accounts across devices while Google Authenticator does not. That means if you lose your phone or get a new phone, you need to set up 2FA again. And if you have a lot of accounts that you secured, this can be a real pain to deal with. If you would rather not trust a third-party app with something like that, then stick with Google Authenticator.
Outside of that one Twitter example of unauthorized login attempts happening, there are other examples worth talking about here. Eurogamer notes that one of their staff members also experienced the very same thing back on April 17.
Unsuccessful login attempts are one thing, but there are some users who have said their accounts were fully compromised. Those with Paypal tied to their Nintendo accounts have reported that whomever had access to their accounts more often than not purchased a bunch of Fortnite's V-Buck currency. These V-Bucks can be used to purchase any of the in-game cosmetics that are available for sale.
Nintendo has not yet talked about any security issue. However, a bit over a week ago various Nintendo Twitter accounts sent out tweets talking about enabling 2FA on your Nintendo Account. These tweets came from Nintendo of Europe, the Japanese Nintendo customer support account, and even Nintendo of America accounts. These tweets were all made between April 7 - April 9. This could all just be a coincidence though. Other companies like Sony and Microsoft often send out these "hot tip" style tweets about how to secure your account or do some simple maintenance.
Beyond adding 2FA to your account, you may also want to change your password to something unique that is not used anywhere else. Password managers like 1Password, Bitwarden, KeePass, LastPass, and others will allow you to set up complex passwords with ease. You may also want to revoke access to any client that is authorized to access your Nintendo Account. You can go here to see a full list of those authorized clients.
