This spring, Nintendo users massively reported that their accounts had been hacked and unidentified people log in from all over the world. Even worse, it seems that attackers still hack Nintendo accounts and many victims lose money due to such compromises.
ZDNet reporters write that this wave of hacks began in mid-March 2020, and last weekend it reached its peak. So, in recent days, more and more users receive notifications by mail that unauthorized persons with suspicious IP addresses have accessed their profiles.“At the same time, it is still unclear exactly how the attackers hack accounts. Maybe hackers use credential stuffing attacks, but that’s just one theory”, – write ZDNet reporters.
The term credential stuffing refers to situations where usernames and passwords are stolen from some sites and then used against others. That is, the attackers have a ready-made database of credentials (purchased on the darknet, collected independently, and so on) and try to use this data to log in to any sites and services under the mask of their victims.
However, many victims claim that they used complex and unique passwords for their accounts, including those created using password managers. So, hackers can use not only credential stuffing and iterate over the most common combinations of recorded data.
Let me remind you that according to the Microsoft report: 99.9% of compromised accounts did not use multifactor authentication.
Often, victims also report a loss of funds because of hacking. In some cases, hackers buy Nintendo games at someone else’s expense, but most often attackers purchase Fortnite game currency through a Nintendo profile card or PayPal account.
“I get home from work and find out on the way that my Nintendo account was hacked and [hackers] spent $ 300 on Fortnite. Hug me…”, — writes one of the affected users on Twitter.
You can find many similar complaints on social networks. Although so far there is no exact data on the number of hacked accounts, it is clear that the problem has considerable scope.
Famous personalities, for example, the editor of game reviews of the ArsTechnica publication, also suffered from attacks.
“Reviews Editor Ron Amadeo received a plain-text email notice from Nintendo, titled simply, “[Nintendo Account] New Sign-In.” The notice included the following sign-in details: a 5:25pm ET timestamp; the sign-in taking place via the Firefox browser (which Amadeo says “is not even installed” on any devices he used today)”, — write ArsTechnica journalists.
Referring to their own sources in the information security community, ZDNet reporters write that they found on the Internet many fresh ads about the sale of Fortnite game currency and V-bucks, purchased from Nintendo Switch accounts. Researchers believe that these ads may be related to recent events.
Recall that we wrote about an unusual solution in the fight against attackers from the gaming giant Ubisoft: DDoS attacks on Ubisoft almost completely stopped after company threatens with a lawsuit.
User Review
( votes)
