Up to 300,000 accounts accessed, company now admits.
Back in April, Nintendo admitted up to 160,000 user accounts had been accessed by unauthorised means – with linked payment methods used in some cases to make purchases.
Today, Nintendo has said it believes an additional 140,000 people were affected, for a total of 300,000.
In an update to its Japanese support site, Nintendo said it had reset the Nintendo Network ID (NNID) and Nintendo account passwords for these users, and contacted those affected.
Refunds have been processed for most customers whose account was used to make unauthorised payments and, Nintendo said, 300,000 people was less than one per cent of all NNID users.
But there’s no detail on when these additional customer accounts were breached, and why Nintendo had not detected these sooner.
In April, Nintendo faced criticism from fans it had been slow to notice a growing wave of reports from Switch owners who said their accounts had been accessed.
The company finally admitted there was an issue on 24th April, when it disabled Nintendo Account sign-in via NNID. This log-in method remains disabled as of today.
In a statement acknowledging the unauthorised access of accounts, Nintendo said there was no evidence of its own databases or servers being hacked – suggesting the user details used to log-in via NNID had been harvested elsewhere.
Those affected had private data such as their nickname, email, date of birth, gender and country/region made potentially viewable by a third party.
Credit card data was not accessible, though payments were taken via linked Paypal and bank accounts. These were typically for in-game currency in Fortnite, in bundles worth up to £99.
We’ve contacted Nintendo for an update on these latest accounts which have been affected.
Back in April, Nintendo told Eurogamer it “strongly recommended” switching on two-factor authentication for your Nintendo account – a guide to do so can be found here.