15 MILLION dodgy login attempts spaffed all over Nintendo loyalists

Thousands of players plundered for their hard-earned booty


Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault.

The games console titan revealed that the sustained brute-force attack exposed the names, addresses, phone numbers and other personal details of thousands of its customers.

Nintendo has reset a number of passwords as a first step towards resolving the problem. Hackers began probing Ninty's network on 9 June, but their volleys were only detected nearly a month later - on 2 July.

An investigation subsequently uncovered evidence of more than 23,926 unauthorised but successful logins. Nearly 15.5 million logins were attempted during the cyber-battering, The Japan Times reports.

Club Nintendo allows players to gain points by purchasing games or consoles. These points can be redeemed for goods such as CDs, and it is likely that this is what motivated the attack. The console maker is promising to beef up security in the wake of the assault, one among a growing list of security incidents involving video gaming firms.

A Nintendo representative told gaming news site Computer and Video Games that only users in the Wii maker's home turf of Japan were affected.

Last week games publisher Ubisoft announced that in had fallen victim to a hack attack, prompting a decision to force a reset of customers' uPlay passwords. Neither the Ubisoft nor the Nintendo breaches involved financial records.

Both were on a much smaller scale than the infamous PlayStation Network breach of April 2011, which led to the suspected compromise of 77 million accounts. PSN was taken offline for more than a month to sort out the resulting mess, the worst of its kind in history. ®


Other stories you might like

  • The PainStation runs Windows XP because of course it does
    Retro fun and games in Berlin's ComputerSpieleMuseum

    Curious about the history of home computing both west and east of the iron curtain? Berlin's ComputerSpieleMuseum in Germany's capital has you covered.

    Museum director Matthias Oborski was The Register's guide around the ground floor site of the museum, which is located among the Soviet buildings of Berlin's Karl-Marx-Allee (a five-minute metro ride from Alexanderplatz, or 25-minute walk if you want to take in the brutalist architecture).

    After the reception, with its impressive Soviet-era mosaic still in-situ behind the cheerful staff, there is a temporary exhibition celebrating the role of food in computer games. Oborski winced a little at the word "temporary" – it had been set up in 2019 and was still in place due, mainly, to the events of the last few years.

    Continue reading
  • Israeli air raid sirens triggered in possible cyberattack
    Source remains unclear, plenty suspect Iran

    Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. 

    While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat. 

    Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident. 

    Continue reading
  • Beijing approves first new video games in nine months
    14,000 small developers reported to have gone out of business during approval hiatus

    After a nine month pause, Beijing has finally granted new video game licenses to 45 titles.

    The approvals arrived on Monday through China's National Press and Publication Administration (NPPA). The newly approved titles hail from video game makers Lilith Games, Baidu, XD, and Seasun Entertainment – but curiously not Chinese gaming giants NetEase nor Tencent.

    China uniquely requires video game publishers to secure regulatory approval ahead of release, and NPPA suddenly ceased granting approvals back in July 2021. Prior to the halt, between 80 and 100 video games were approved monthly. The last batch, released in July, contained 87 titles.

    Continue reading
  • Stolen-data market RaidForums taken down in domain seizure
    Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US

    After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.

    Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.

    The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.

    Continue reading
  • Hackers weigh in on programming languages of choice
    Small, self-described sample, sure. But results show shifts over time

    Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.

    Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers" were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.

    The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.

    Continue reading
  • Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs
    Hitting big targets, untouchable, technically proficient. Who will it inspire next?

    Analysis The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country's Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.

    However, the gang is climbing up the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft.

    Lapsus$ in February compromised Nvidia, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded the GPU giant remove limits on crypto-coin mining from its graphics cards, and open-source its drivers.

    Continue reading
  • New York Times outlays seven-figure sum for 1,900 lines of JavaScript – yes, we mean Wordle
    Developer overwhelmed by game's runaway success, doesn't oppose future paywall

    Viral online puzzle game Wordle has been acquired by The New York Times Company (NYTCo), publisher of The New York Times.

    The game requires players to guess a five-letter word within six turns – a task made easier by Wordle offering clues that players have chosen letters used in the word, and whether or not they are in the right position. Gameplay is similar to codebreaking pegboard game Mastermind, but with 26 different "pegs" – and of course the answer has to be an English word. A single puzzle is offered daily.

    Wordle was created by a sole developer, Josh Wardle, as a lockdown distraction for his partner. It took off when Wardle added a feature allowing players to share their results, and is now thought to have millions of daily users – up from mere thousands in October 2021.

    Continue reading
  • Tesla disables in-car gaming feature that allowed play while MuskMobiles were in motion
    Hey Elon, it's no secret that distracted driving is a major cause of US car fatalities

    A software upgrade will disable a "feature" that allows the touchscreen on Tesla cars to play video games - even while the vehicles are in motion- after the USA's National Highway Traffic Safety Administration (NHTSA) investigated a complaint about the tech.

    The feature, called "Passenger Play", has been available since 2020 in the Tesla Model 3, S, X, and Y. As the name implies, it was aimed at passengers. Prior to 2020, occupants of the car could only play games while the vehicle was in park.

    “Following the opening of a preliminary evaluation of Tesla’s ‘Passenger Play,’ Tesla informed the agency that it is changing the functionality of this feature. In a new software update, “Passenger Play” will now be locked and unusable when the vehicle is in motion,” said a statement from NHTSA.

    Continue reading
  • New World: Grindy? Check. Repetitive? Check. Fun? We hate to say it... but check
    Goddamn it, Jeff Bezos' lot can make a passable MMORPG after all

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our (sometimes) monthly gaming column. At long last, New World is out and we've been diligently grinding our faces off to answer the question: Can Jeff "mountains of cash" Bezos make a decent MMO?

    On 28 September, Amazon Games released its first serious, big-boy-pants-on video game: New World. Why does this matter? First of all, it's Amazon. Not content with anything short of global domination, Jeff Bezos' e-commerce and cloud computing juggernaut has had a sticky start with gaming – two titles prior to New World, Breakaway and Crucible, were scrapped – and people would love to see the venture fail. I would love to see the venture fail.

    Secondly, New World is an MMORPG. That's "massively multiplayer online roleplaying game" to the untainted. As far as game development goes, it's hard to think of a more complicated and ambitious genre, especially as this has transpired to be Amazon's "debut" outside of the mobile platform.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software
    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2022