Nintendo isn’t saying, so here’s how to fend off the account hijacking spree

by
Dan Goodin
from Ars Technica - All content on (#52GD1)
nintendo-online-800x420.png

Enlarge (credit: Nintendo)

A wave of account takeovers hitting Nintendo users over the last few weeks continued largely unabated on Tuesday despite Ars' coverage of the mass hijackings a day earlier. Nintendo isn't saying why or how so many accounts continue to get compromised, often within hours of hacked users resetting passwords. A likely reason for the sustained hijacking spree: Nintendo's failure to warn of the risks posed by legacy accounts.

Long before Nintendo introduced the current account system for Switch and other recent devices, the company used a Nintendo Network ID, or NNID, for the earlier Wii U and 3DS platforms. NNIDs had to be created using the notoriously bad resistive-screen keyboards available on these devices, a constraint that made it hard for users to choose strong passwords. The move to the current system was a vast improvement because accounts can be set up using a Web browser.

Error of omission

But there's a key shortcoming: NNIDs never died, and despite many users forgetting they had ever set up one of these accounts, many continue to be linked to users' new accounts. That means unauthorized access to an NNID is all it takes to hijack a new account and make off with any PayPal or Switch eShop funds tied to it. As recently as Tuesday, Nintendo emails warning users of potentially hijacked accounts didn't mention this key detail.

Read 6 remaining paragraphs | Comments

index?i=If3TNKe7NoY:Xgh9N4PAgig:V_sGLiPB index?i=If3TNKe7NoY:Xgh9N4PAgig:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments