Nintendo says 160,000 users impacted in recent account hacks | ZDNet
Nintendo disconnects NNID legacy login system from main Nintendo profiles after massive account hijacking campaign.
Japanese gaming company Nintendo confirmed today that hackers abused its NNID legacy login system, which let hackers access more than 160,000 Nintendo accounts and use attached payment card info to buy Fortnite currency and other digital items. The offending parties may have also gained access to personal information, including D.O.B. and email addresses.
According to Jason Kent, Hacker in Residence at Cequence Security:
“Organizations need to pay attention to not only points of access in production environments but also all their deprecated and development endpoints. These often-forgotten and unsecured APIs can be used by hackers to gain side-door access into systems to achieve the same access to confidential information and monetary gain as if they went through the front door. Unfortunately, most organizations lack full visibility of their APIs, making it a challenge to adequately secure them. “