Over the past month, many online Nintendo Account holders have reported receiving messages alerting them to unauthorized account access, and the number of reports doesn’t seem to be abating.
As reported by Eurogamer, the issue is occurring in multiple countries and, in some cases, hackers are using hijacked account's saved PayPal details to purchase in-game currencies, such as Fortnite’s VBucks.
A reporter with Ars Technica who had fallen victim to the same unauthorized account access noted that the only common variable they shared with other victims was the use of the Nintendo Network ID service.
This service enabled Wii U and Nintendo 3DS users to connect to a variety of online services, including purchasing products on the eShop. It’s not yet certain that this is the source of the breach, however, so if you have a Nintendo Account it’s better to be safe and assume that you’re at risk, even if you never used the Network ID service.
It’s also unclear whether or not this is related to a tweet sent out by Nintendo of America on April 10 encouraging users to “help secure [their] Nintendo Account by enabling 2-Step Verification” (also known as two-factor authentication, or 2FA).
You can help secure your Nintendo Account by enabling 2-Step Verification.For more details, visit: https://t.co/kqxbp8TobD pic.twitter.com/hZ1PnFWZQwApril 9, 2020
As Nintendo is yet to issue a statement on the matter, and the severity and source of the security issue is currently unknown, we recommend that holders of Nintendo Accounts change their passwords and enable 2FA.
In order to do so, users can follow the steps from the support page from the above tweet, which will guide you through the process of setting up 2FA via the Google Authenticator app.
In the process of doing so, you can also check if you’ve had any unwanted access to your account thus far by viewing the Sign-In History on the Sign-In and Security Settings page reached in step two of the process outlined on Nintendo’s site.