Author Topic: Nintendo Accounts Possibly Breached: Recommendation To Turn On Two Factor Authentication  (Read 4444 times)

0 Members and 1 Guest are viewing this topic.

Offline Shaymin

  • Not my circus, not my monkeys
  • NWR Staff
  • Score: 70
    • View Profile
    • You're on it

The old Nintendo Network may be to blame for this one.

http://www.nintendoworldreport.com/news/53561/nintendo-accounts-possibly-breached-recommendation-to-turn-on-two-factor-authentication

There is an imminent security threat for Nintendo accounts, and all holders are advised to turn on two-factor authentication to counter it.

Multiple reports of Nintendo accounts having multiple hundreds of dollars in downloadable content purchases - usually Fortnite V-Bucks - have emerged in recent days, and a writer for technology website Ars Technica reported it yesterday. Nintendo responded to Ars today, stating they are aware of the reports and recommending 2 factor authentication, and providing a process for recovering compromised accounts. Although not confirmed - Nintendo is not commenting on the root cause - it is suspected that people were able to gain access through an exploit targeting the old Nintendo Network ID system.

The 2 factor authentication is done by way of a smartphone application, such as Google Authenticator, though applications such as Microsoft's authenticator or Twilio's Authy can also work. There are also guides for using Google or other authenticators on PCs. A smartphone application is recommended for 2-factor in order to prevent potential hijacking of a text messages.

Donald Theriault - News Editor, Nintendo World Report / 2016 Nintendo World Champion
Tutorial box out.

Offline TurdFurgy

  • Score: 2
    • View Profile
What's this about hijacking text messages? What does that have to do with the Nintendo Network? I don't understand.

Offline Lemonade

  • A True Gaming Hero
  • *
  • Score: 14
    • View Profile
About a week ago I suddenly getting heaps of log ins on my account that were not me. I added the 2 step login and that fixed it.

Thankfully no money was taken


Offline Order.RSS

  • Resident Evil 420
  • Score: 32
    • View Profile
Are there any tangible benefits for coupling an NNID (3DS/Wii U) to a Nintendo Account (Switch)? Could people unlink them, or are they permanently tied?

What's this about hijacking text messages? What does that have to do with the Nintendo Network? I don't understand.

It has to do with 2 factor authentication/multi-factor authentication (2FA/MFA).
2FA/MFA are methods to increase security on accounts. It requires new logins to not only provide the correct username + password combination, but also sends a temporary code to a mobile phone. Those temporary codes are time-sensitive and need to be entered within a certain timeframe (30 seconds for example).

Where the SMS/text message hijacking comes into place is at this step.
SMS/text messages can be spoofed (faked). If someone has access to your Account, they can perhaps figure out your phone number. (Maybe it's in the NNID account info they've got access to, or maybe they just try to use your password across many services to see if an account re-uses that password.)
From there, using spoofing, they could still intercept the 2FA/MFA temporary code, and use that to compromise your Switch Account.

It's more hoops to jump through, yes, but this is why services are pushing clients away from SMS/text-based 2FA, and towards using an app like Authy/Google Authenticator/Microsoft Authenticator. Those should encrypt the temporary code, making it more difficult for outsiders to crack the unique code within the 30 second timeframe.

TL;DR: texting/SMS is thought of as a less secure method of communication than using end-to-end encrypted methods. Thus, 2FA login codes are phasing out SMS and favouring encrypted Apps.

Offline NWR_insanolord

  • Rocket Fuel Malt Liquor....DAMN!
  • NWR Staff Pro
  • Score: -18986
    • View Profile
Fun fact: Once I had 2FA set up with my Nintendo account I went and set it up with a bunch of other things too, including the other game systems, and Sony's PSN only supports 2FA via text message.
Insanolord is a terrible moderator.

J.P. Corbran
NWR Community Manager and Soccer Correspondent

Offline Mop it up

  • And I've gotta say...
  • Score: 125
    • View Profile
Are there any tangible benefits for coupling an NNID (3DS/Wii U) to a Nintendo Account (Switch)? Could people unlink them, or are they permanently tied?
If I remember rightly, this is what unifies the eShop wallet across all the platforms.

Offline Shaymin

  • Not my circus, not my monkeys
  • NWR Staff
  • Score: 70
    • View Profile
    • You're on it
Fun fact: Once I had 2FA set up with my Nintendo account I went and set it up with a bunch of other things too, including the other game systems, and Sony's PSN only supports 2FA via text message.

This was a real irritant when I had to change my phone number last summer, but it was honestly worse that my bank also uses SMS for 2FA.
Donald Theriault - News Editor, Nintendo World Report / 2016 Nintendo World Champion
Tutorial box out.

Offline stevey

  • Young HAWNESS
  • Score: 15
    • View Profile
Are there any tangible benefits for coupling an NNID (3DS/Wii U) to a Nintendo Account (Switch)? Could people unlink them, or are they permanently tied?

You're able to friend people from your friend lists on both the WiiU and 3DS
My Demands and Declarations:
nVidia is CRAP!!!
BOYCOTT Digest mode and LEGEND OF OO!

Your PM box will be spammed with Girl Link porn! NO EXCEPTION!
Wii want WaveBirds

Stevey Duff
NWR HAWTNESS Inspector
NWR Staff All Powerful Satin!