Nintendo users have been urged to activate two-form authentication (2FA) on their accounts, amid a spike in reported third-party logins this weekend.
More than 50 users replied to Twitter and Resetera threads on Sunday claiming to have had their accounts illegally accessed.
One Twitter user wrote: “My account was accessed numerous times overnight. My password is a unique string and my PC is definitely clean (not that I ever login via it). Lots of similar reports on Reddit/twitter. Unlink PayPal & enable 2FA folks!”
A Resetera user added: “Yep. I had a unique password. I got an access notification that someone in the US used Firefox to access my account, which I never use. I changed to another random unique password. 30 minutes later, I got accessed from Russia. Changed the PW again and added 2FA.”
The reports follow a social media campaign by Nintendo urging users to activate the more secure 2FA account feature.
Two-form authentication requires users to use the Google Authenticator app to verify account login attempts. Detailed instructions on how to activate the feature can be found on Nintendo’s support page.
Earlier this month Nintendo urged users in multiple regions, including Europe and America, to activate 2FA.
The Nintendo Japan Support Twitter acknowledged this month that the firm had seen an increase in unauthorised logins.
It had earlier claimed that third-party logins were accessing users’ credit card data and on Sunday Nintendo Switch users in the region were briefly unable to complete credit card purchases.
Video game platforms have seen a significant spike in usage in the past month after countries around the world introduced isolation measures to combat the coronavirus pandemic.
Nintendo’s network services suffered downtime in March, likely as a result of people spending more time playing games online than usual.
According to one cybersecurity company, cybercriminals are increasingly targeting entertainment services as their popularity and demand skyrocket due to isolation.
“As people around the world are being asked to remain in their homes due to the coronavirus pandemic, many are turning to these streaming services for entertainment,” said Proofpoint cybersecurity strategist, Adenike Cosgrove.
“Attackers will likely follow this pattern and increase their theft and selling of account credentials. We recommend that consumers take a few simple steps to protect their accounts and identify and remove any unauthorised users.”
There’s currently no evidence that the Nintendo Online service itself has been breached. VGC has reached out to Nintendo for comment on this story.