Some 24,000 user accounts – but luckily no user financial information – were compromised in mass login attempts to the Club Nintendo website.
The global website is a Nintendo member rewards site, on which users are urged to register their Nintendo products and consoles, answer surveys, and so on in exchange for gamer points and exclusive products.
According to the company, the (initially intermittent) unlawful login attempts have started on June 9, but they were spotted only on July 2, when the number of attempts became massive – 15.5 million in all – and most of them failed.
Only Japanese accounts were targeted, it seems, and the attackers probably used a list of logins and passwords obtained from a hack of some other online service geared towards Japanese users.
The members’ names, home addresses, phone numbers, and email addresses were compromised, but no credit or debit card information as members didn’t need to provide it from the get-go. No gamer points from the compromised accounts were misused.
Computerworld reports that Nintendo has suspended the affected accounts, and has been notifying their owners, asking them to reset and change their password.