Mass login attempts compromise 24,000 Nintendo site accounts
Posted on 08 July 2013.
Some 24,000 user accounts - but luckily no user financial information - were compromised in mass login attempts to the Club Nintendo website.

The global website is a Nintendo member rewards site, on which users are urged to register their Nintendo products and consoles, answer surveys, and so on in exchange for gamer points and exclusive products.

According to the company, the (initially intermittent) unlawful login attempts have started on June 9, but they were spotted only on July 2, when the number of attempts became massive - 15.5 million in all - and most of them failed.

Only Japanese accounts were targeted, it seems, and the attackers probably used a list of logins and passwords obtained from a hack of some other online service geared towards Japanese users.

The members' names, home addresses, phone numbers, and email addresses were compromised, but no credit or debit card information as members didn't need to provide it from the get-go. No gamer points from the compromised accounts were misused.

Computerworld reports that Nintendo has suspended the affected accounts, and has been notifying their owners, asking them to reset and change their password.


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th