Nintendo's fan site hit by illicit logins, 24,000 accounts accessed

The company said "Club Nintendo" accounts in Japan were accessed, with private data like names, phone numbers and addresses

Nintendo said a main fan site was hit by a wave of illicit login attempts in Japan over the last month, with attackers gaining access to nearly 24,000 accounts containing users' real names, addresses, phone numbers and emails information.

The company said its "Club Nintendo" site was the target of mass login attempts, with attackers using a list of logins and passwords that were probably obtained from a different service outside Nintendo. The company said nearly 15.5 million logins were attempted, and 23,926 were successful.

Nintendo said it first became aware of the illicit logins on Tuesday evening after a large number of access errors on the site. On Friday, the company issued a press release saying it had suspended the accounts that were accessed illicitly and sent emails asking their users to reset their passwords. The company said its investigation showed the illicit logins had been occurring since June 9.

"There were scattered illicit attempts to login since June 9, but we became aware of the issue after the mass attempt on July 2," said company spokesman Yasuhiro Minagawa, adding the login attempts were limited to Japanese accounts.

The site, which operates globally, has about 4 million users in Japan. Club Nintendo offers gamers points ("coins" in some countries) in exchange for registering their Nintendo products and answering user surveys, so it handles no financial information.

The points can be saved up and exchanged for promotional goods, but Nintendo said it had detected no points that were used as a result of the illicit logins.

Other Japanese firms have also been hit by mass login attempts in recent years. In 2011, Sony said it had suspended 93,000 accounts on its online gaming and entertainment sites after a large number of unauthorized login attempts.

Join the CSO newsletter!

Error: Please check your email address.

Tags Nintendosecuritygames

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jay Alabaster

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts