Nintendo Fan Site Data Leaked After Hackers Attacks
Data belonging to more than 20,000 users was leaked due to the breach in Nintendo servers. The vulnerability was exploited by a group of hackers which conducted attacks for almost an entire month.
The main target of the attacks was a fan/membership site called Club Nintendo. The purpose of the site is to register products, conduct surveys and give away coins or credits to the users, which can be exchanged to limited edition items or other rewards. The siege of Club Nintendo lasted from June 9 to July 4, during this time the hackers made millions of log-in attempts, 23,926 out of them were successful. Unfortunately, Nintendo was not aware of the situation until July 2, when “access error occurred” which unraveled a mass log-in attempt. According to a recent press release made by Nintendo the hackers had a list of log-ins and passwords acquired from an unknown third party company. What is more, it is believed that the third party source is associated with the Club Nintendo itself.
Club Nintendo connects a world wide community, although the majority of its user are from Japan. The data which was lost included user names, telephone numbers, physical and email addresses. Fortunately, no information associated with finances was lost, because Club Nintendo site does not operate with any financial data. After the breach was detected, Nintendo immediately suspended the passwords and the accounts of the hack victims, and insisted that users should change their log-in information. Company’s representative Yaguhiro Minagawa told the Network World that the data losses only affected Japanese accounts.
These attacks are similar to the ones conducted against Sony’s PlayStation Network couple of years ago. Those events affected 100 million users and PSN was taken down for several weeks. What is more, due to the attacks a chain reaction happened revealing security breaches in other servers associated with Sony. As a result, Sony was fined with $400,000 earlier this year. Until the Club Nintendo attack Ubisoft was the latest victim of cyber criminals. The attack on latter company also resulted in a massive information loss such as email addresses, users’ log-ins and encrypted passwords.