July 8, 2013
Nintendo Fan Site Hacked, 24K Accounts Compromised
Michael Harper for redOrbit.com - Your Universe Online
The hackers are at it once again, this time targeting gamers and their online accounts. According to the Japan Times, a Nintendo fan site has been hit with an attack that has exposed the private information of nearly 24,000 users. The site had apparently been under attack for nearly a month as hackers attempted more than 15 million logins with false information. Of these millions of attempts, some 23,926 were successful, revealing the names, addresses, email information and home addresses of these users. However, because the site in question does not facilitate any monetary transactions, no financial information was leaked as a result of this attack.
The fan site, Club Nintendo, allows 3DS and Wii owners, as well as other fans of Nintendo games and hardware to answer survey questions and register their products. Members can do all this in exchange for "coins" or points. These can later be traded for other goods or services on the site. The site is open to users from all over the world, about four million of which are located in Japan. Nintendo says it was these Japanese users who were targeted in the attack, though they did not confirm any misuse of the stolen data or state whether these users coins were stolen or used inappropriately.
"There were scattered illicit attempts to login since June 9, but we became aware of the issue after the mass attempt on July 2," said company spokesman Yasuhiro Minagawa in a statement. It was only after the site experienced a large number of access errors last week that Nintendo became aware of the problem.
After investigating, they found the hackers had tried to access 15.46 million Club Nintendo accounts but were only able to successfully break into some 24,000 of these. Once inside, these hackers had access to the users' private information. Nintendo now says they've suspended the accounts which were breached, contacted the members who were affected, and asked them to change their passwords.
For seemingly inscrutable reasons, gamers are often the victims of such attacks. For instance, Nintendo's Wii U Network was rumored to have been attacked just hours after its US debut. According to ZDNet, a forum user happened upon a secret panel in the online network which gave them the ability to delete administrators or change their passwords. After Nintendo was made aware of this flaw, they quickly released a fix and sealed the hole that allowed the user into the secret panel. The forum poster also says they received a personal message from a "certain developer" which claimed they could get into legal trouble with Nintendo for revealing the attack.
More recently, French gaming company Ubisoft was also hacked, resulting in the release of email addresses, user names and encrypted passwords. Hackers broke into Ubisoft's gaming network by way of one of the company's websites. The gaming company claimed certain credentials had been stolen and used to access the site illegally. Though encrypted passwords had been leaked as a result of this hack, the company warned users those passwords which may have been weak or used on multiple sites may no longer be secure and should be changed.