Back in late April, we reported that over 160,000 Nintendo Network ID (NNID) accounts for Wii U and 3DS had been compromised. That number has grown to over 600,000, and Nintendo is notifying affected users. Nintendo also disabled the NNID system until the issue can be addressed properly.

Nintendo estimates that these unauthorized persons may have had access to user data stored on their NNID account, including birthdays, email addresses, and other biographical information. Credit card information remains secure, but some users with a linked PayPal account had unauthorized purchases. The company is working on issuing refunds to affected individuals.

RELATED: Twitch Streamer Loses Key, Thief Watches Avatar: The Last Airbender

Nintendo recommends that users, especially those who receive a notice, enable two-factor authentication to their accounts immediately, as well as reset their passwords, which is already a good idea for all web services that have payment information saved. Nintendo also has a page accessible through the user's account details to check the history of logins from various devices into the account.

nintendo account breach

Do not reuse old passwords, nor use the same password on multiple websites, including between NNID and the Nintendo account itself. Users who had the same password on both may have had their PayPal information compromised, and there are confirmed cases of unauthorized purchases being made, usually for in-game items such as microtransactions and loot boxes. These were likely targets because often these criminals can trade or gift them to other accounts and later sell them to others for under the web store's asking price. Such transactions are almost never recorded, making it the proverbial "perfect crime."

Intrusion into online accounts is an unfortunate reality for all web-based services, especially ones that have payment information saved. Unscrupulous individuals from around the world attempt to gain entry into innocent users' every day, sometimes with the intent to sell the account itself to the highest bidder. Server owners have to stay one step ahead of them to keep people from gaining unauthorized access to their network. Even then, sometimes the black-hat hackers win.

Some browsers offer an automatically generated secure password, but that might not be feasible to users who also have to remember those passwords long enough to punch them into their Nintendo product.

MORE: Get Four Great Wii U Games for $25 Today

Source: EuroGamer