The Japanese gaming company originally announced in April that 160,000 of its accounts were compromised in a Nintendo Network ID hack, putting account owners’ names, email and physical addresses, birth dates and payment methods out in the open.
On Tuesday (June 9), Nintendo confirmed that another 140,000 accounts were compromised. The Nintendo Network provides games and content via the internet and can contain credit card numbers.
Nintendo said the number increased as a result of its continuing investigation and it noted this week that the breach affected fewer than 1 percent of its Network ID users. In those cases, the company vowed to change usernames and passwords and refund fraudulent charges. Nintendo said most customers have already received refunds with more on the way, the report said.
Nintendo investigators are still working to discover how the cybercriminals gained access to the data info but said it was “by some means other than our service,” according to an earlier TechCrunch report. Nintendo has been asking users to submit feedback in an attempt to locate the source of the breach.
The hacks started in March when users complained their accounts were charged for digital items without their permission, including virtual currency Fortnite V-Bucks using a connected PayPal account, TechCrunch reported. But it took another two weeks before Nintendo admitted that accounts had been improperly accessed.
A Wired report suggested Nintendo users should change their Nintendo passwords and establish two-factor authentication if they haven’t already. Another tip, it said, is a use password manager.