A global attack on hacked Nintendo Switch Fortnite accounts has been costing gamers real cash since last month.
Beginning in March 2020, users started reporting unauthorized access to their accounts and that their money was being used to purchase items.
It has been widely reported across many forums, including Nintendo’s Twitter account that the funds are mostly being used on Fortnite but some Nintendo games have also been purchased.
Some users are reporting that up to $300 are being illegally used to purchase V-Bucks for someone else’s Fortnite account.
It appears that a lot of the illegal hacks are linked to PayPal accounts that have been linked for authorized use with Nintendo eShop.
One user even reported that his PayPal advisor was a victim of this latest attack!
ZDNet has confirmed that the hacking activity is being facilitated and purchased via ads across the web:
The ads apparently solicit prospective purchases, whereby, upon payment for a specified amount of V-Bucks, the hacker then obtains the digital currency for use in Fortnite.
The concerning part of this horrible activity is that a lot of the users attacked report that they use complex passwords via encrypted password managers.
Because of this, at the moment, the method of hacking is currently unknown.
It appears that traditional hacking techniques such as “Brute Force” and “Password Spraying” are not being employed, but rather a new method has been devised.
PayPal has not commented on this issue, however, Nintendo has been urging users to change their passwords using “Two-Form Authentication“, or 2FA.
Securing your account while this issue is being investigated, and probably still going on is a good idea.
Fortunately, setting up 2FA is pretty simple and doesn’t take up much time.
In order to secure your account and configure your account for 2FA, follow these simple steps:
Log in via Nintendo’s Account page:
While there, do the following:
- Change your password; it is recommended that you use a password manager to create a complex password for you.
- Sign out from all devices; you will need to sign out since a hacker may still be signed in and able to use your account. Note that this needs to be done after changing your password otherwise it is essentially useless.
To enable 2FA, go to the following URL while still logged in (from official Nintendo instructions):
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings and follow the steps given to configure security for your account.
- Click Send email to have a verification code sent to the email address on file.
- If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device.
- This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
- A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE. You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK.
Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.
Enabling 2FA ensures that there is an extra step of security when logging in, therefore making it that little bit more difficult for hackers.
You should also check your account for any unauthorized activity and report it to Nintendo, no matter how small.
Account hacking is an issue that plagues the current online world, however, with a little more vigilance on your part, you can make it more difficult.
While companies do all that they can to protect users from such activity, we all share some of the responsibility for securing our accounts.
That being said, you would be forgiven for thinking that using a complex password manager should be enough.
It appears that in this case, it isn’t since the hackers seem to be using a new technique for accessing accounts secured with the most complex passwords.
Performing the steps outlined should prevent future unauthorized access to your account.
I know that 2FA is a bit of a pain in the rear, but is now becoming a necessary optional step for account security and one that most companies will probably make a requirement of in the future.
The number of cases in this latest attack on Nintendo accounts is currently growing and only through social media did it become known.
If you have been attacked yourself or you can offer help and guidance, then please keep everyone informed as much as you can.
Please share your thoughts in the comments section.
Font supplied by https://fontmeme.com
All images are copyright of their respective owner(s) and ChartX Games where applicable.
Michael is the sole writer and owner at chartxgames.com.
Many thought that his youth (and adulthood) playing video games was a waste of time but here he is writing about them for a living.
Michael has a background in IT and enjoys (apart from video games) building and repairing PC’s, digital artwork (Photoshop, 3DS Max) and has interests in too many subjects to mention.