In a post on its Japanese website, Nintendo says that hackers were able to access user and password data for Nintendo Network IDs (NNID), then used that information to log in to accounts. The company estimates that around 160,000 NNIDs have potentially been affected.
NNIDs are an older form of login for Nintendo services, created for 3DS and Wii U. The Switch uses newer Nintendo Accounts, but legacy NNIDs can be used to log in. In response, Nintendo has abolished NNID logins for Nintendo Accounts, and NNIDs and Nintendo Accounts that look to have been compromised will see automatic password resets.
After widespread reports about unathorised access to Nintendo Accounts this week, the company said it was investigating the issue, and asked users to enable two-factor authentication for their accounts.
What remains unclear is exactly where the NNID login information has been obtained from. Nintendo’s statement mentions only that it was obtained “by some means other than our service”.