Nintendo Switch owners are encouraged to block their accounts after a wave of fraudulent attacks.
Hacking involves a user logging into a person’s Nintendo Account and often using a linked PayPal account to make expensive purchases.
Numerous reports say that the attacks have intensified in recent weeks, with popular tech staff and gaming sites among those affected.
Nintendo recommends using two-factor authentication to protect accounts.
The attacks have been going on for months, but appear to have increased in recent weeks.
A staff member of the Eurogamer gaming site had accessed his account, as reported by the website, like another of Ars Technica.
Administrators of the Also the Nintendo forum on Reddit there had been a “significant” number of reports in the past few days.
What’s going on?
Switch console owners can buy games from Nintendo’s online store, but they can also buy digital currencies for popular games like Fortnite.
For convenience, Nintendo also allows users to pay via PayPal by linking their accounts.
In the past month, players have posted their PayPal accounts on Twitter, Reddit and elsewhere that are used to purchase hundreds of dollars worth of games or “V-buck”, Fortnite’s digital currency. Technological site ZDNet reports that it found online hacker advertisements offering those V-bucks for resale.
Similar attacks on other services often use passwords that are reused on multiple accounts. When a data breach exposes passwords for a site, attackers often try the same username and password combination on hundreds of others, hoping to find a match. But many online posts that claim to have been attacked claim to use unique passwords for their Nintendo Account.
An important interested user, the operator of the LootPots site, has speculated that the attacks could be linked to the old Nintendo account system, the Nintendo Network ID.
It has been used for previous WiiU and Nintendo 3DS systems. It can be linked to the new Nintendo Switch compatible account, which may offer a way to use an old password that may have been compromised.
How can I protect myself?
While Nintendo did not directly address the increase reported in the attacks, it tweeted encouraging users to add two-factor authentication (2FA) to their account. This can be done on an account’s settings page in seconds.
“This is incredibly disturbing for Nintendo users,” said Lisa Forte of Red Goat Cyber Security.
“Passwords, for any account, are not the safest way to log in. It is essential for users to allow 2FA to make their accounts more secure.
“This means that attackers need another code to access your account, not just your password.”
Password managers can also help users create long and complicated passwords that are more difficult to guess, he said.
“The current Covid-19 pandemic puts online gaming platforms in the foreground as targets for attackers. More and more people are at home playing and loading money into their account,” said Forte.