Nintendo Japan has warned Club Nintendo users to change their passwords, after revealing that the member rewards site was hacked back in June, leading to tens of thousands of unauthorized logins. The first Nintendo realized of the compromised security was a dramatic increase in errors spotted on July 2, with subsequent investigation turning up 23,926 stolen logins and almost 15.5m attempts.
However, the first of the hacks apparently begin on June 9, continuing up to July 4, Nintendo Japan says. All passwords for the Club Nintendo service have been reset, and users will need to create new credentials when they next try to log in.
Club Nintendo is the company’s membership scheme, which offers rewards – including both in-game content, special limited edition games, warranty extensions, and real promotional gifts – in return for playing games on the Wii U, Wii, 3DS, and other Nintendo consoles. There’s no indication that Club Nintendo US or Club Nintendo UK have been compromised.
Fortunately, Club Nintendo never held any credit card data from its users, though the company says that it suspects names, addresses, phone numbers, and email addresses have all be taken. There’s currently no confirmation that any unauthorized use of Club Nintendo Points has taken place.
Nintendo is bulking up its security systems, in the hope of preventing something like this from happening again, but advises anyone who used the same credentials – such as email address, username, or password – for other services to change them there, just in case. It’s also sensible to be on the lookout for a potential increase in phishing attempts, which often follow email address thefts.