Nintendo also acknowledged that hackers may have illegally made purchases on affected accounts using existing balances, credit cards, and PayPal accounts belonging to the victims. This could have occurred if someone used the same password for their Nintendo account and NNID.
"We sincerely apologize for any inconvenience caused and concern to our customers and related parties. In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," Nintendo said in a statement (translated from Japanese).
In case it's not obvious, the reason unique passwords should be used for different accounts is to protect against a single security breach affecting multiple accounts at the same time. At the very least, it's a good idea to use different passwords for accounts that matter, like banking institutions and any services that are tied to payment methods and/or contain personally identifiable information.
How To Configure Two-Factor Authentication On Your Nintendo Account
Setting up two-factor authentication is not difficult, though there are several steps involved. Fortunately, you only have to set this up once. Here's how...
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings.
- Click Send email to have a verification code sent to the email address on file.
  - If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device.
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
  - A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
  - You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK.
- Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.
Once you have done this, it will be far less likely that someone will gain unauthorized access to your account.