According to Den of Geek, a data attack could have exposed the account information around 160,000 registered Nintendo users. With the latest data breach story, not only has the Japanese gaming giant Nintendo suffered from a data breach, hackers may have also gained access to users’ personal information. Such data will have included such personal identifiable information as date of birth, gender, country (or region), email addresses and more.
Nintendo’s data security provides evidence that attackers are viewing this industry as a viable and attractive target. The issue came to light after Nintendo users received e-mails alerting them to the new logins credentials being set-up in relation to their accounts.
Looking at the issue for Digital Journal, Anurag Kahol, CTO, Bitglass, explains the implications for digital gaming: “Nintendo’s recent security incident further demonstrates how the hundred-billion-dollar video game industry is a growing target for cybercriminals.”
In terms of the significance, hackers can do a great deal with such data, should they get hold of it, as Kahol states: “Personally identifiable information (PII) and financial information are often connected to users’ gaming accounts, which is valuable data that attackers can use to commit financial fraud, identity theft, and trade on dark web marketplaces. Popularly, attackers will compromise and steal valid, high ranking gaming accounts and sell them for a generous profit.”
With the specific issue, the full details have yet to emerge, as Kahol explains: “How the hackers collected the logins to launch a series of credential stuffing attacks against the impacted Nintendo accounts has yet to be confirmed, but this incident still underscores why organizations must have full visibility and control over their data to prevent unauthorized access to sensitive customer information. ”
In terms of the necessary steps that the video gaming industry should be instigating, Kahol acknowledges: “To safeguard customer data, organizations should leverage multi-faceted solutions that enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage.”
Furthermore, other protective measures include: “Additionally, basic password protection is a must for organizations looking to protect their data. Organizations must authenticate their users in order to ensure they are who they say they are, before granting them access to their systems. Fortunately, multi-factor authentication (MFA) and user and entity behavior analytics (UEBA) are two tools that can help companies defend their data.”