Nintendo says on its Japanese support page that login information was “obtained illegally by some means other than our service.” The company believe the hackers were able to do this by impersonating Nintendo Network IDs, the old login information used on the Wii U and 3DS. The hackers were then able to access users’ Nintendo accounts — used on the Switch and Nintendo’s mobile games — via their associated NNIDs. Hackers were able to view the nickname, date of birth, gender, country, and email address of those affected. Although they did not have access to payment information, they were able to make payments via the compromised accounts. The breach appears to have begun in early April. In response, the company has disabled the ability to log in to Nintendo accounts via NNIDs, and it has reset passwords for accounts that may have been compromised.
— Nintendo of Europe (@NintendoEurope) April 24, 2020 The company says it will notify you via email if you’ve been affected; you will be required to reset your password next time you log in. Nintendo also cautions that from here on out, you should set different passwords for your NNID and Nintendo accounts, and says you should reach out if you see a suspicious purchase. We recommend you enable two-factor authentication on your Switch to significantly reduce the chances of your account being compromised in the future. Via CNET