Cybercriminals are targeting Nintendo accounts

When I received the first email message that there was a new login to my Nintendo account in the US, I assumed that my partner had activated the Switch and was attempting to browse the eShop When I received the second email message that there was a new login from China on my Nintendo account, I knew something was up

For those who haven't had a Nintendo system online for a while, the Nintendo Account is what allows you to access the eShop, play Switch games online, and log into one of Nintendo's few mobile games

Like most other online gaming accounts, it can store payment information such as credit card and PayPal accounts, making it an attractive target for malicious individuals

Eurogamer reports that I am not alone in Nintendo's predicament; Eurogamer staffers are facing the same problem, and Twitter users have even more horror stories to share

If you're lucky, like me, cybercriminals gain access to your account, see nothing of interest there, and log you out again However, if your payment details are saved, you may face a string of fraudulent purchases, especially currency for cross-platform games like Fortnite

Nintendo has not commented directly on the issue, but the company has tweeted a timely PSA about enabling two-factor authentication (2FA), suggesting that the company is aware of the situation in some way

Let's be frank: If you have a Nintendo account, you need to enable 2FA Simply changing your password is not a sufficient defense

In any case, it is not difficult to enable 2FA Simply login to your Nintendo Account in your web browser and click on "Sign In and Security Settings" from the menu on the left side At the bottom of the page you will find an option called "Set up 2-step verification" Click on "Send Email," and the Nintendo website will guide you through the rest of the process

Basically, you'll use a phone app called Google Authenticator to enter a six-digit code every time you log into your Nintendo account from now on (The Authenticator is tied only to your phone, so even if a third party guessed your password, they would not be able to log in

There are several other ways to keep your Nintendo account secure, though not as effective as 2FA

The first is to change your sign-in method, forcing you to sign into your Nintendo account using only your username (This is harder to guess than an email address, especially if cybercriminals have picked up the login information from an old data breach)

In addition, it can also remove any payment options stored in the Nintendo account This means that you will have to manually enter your credit card information every time you purchase a new game, but trust me, it is better than having an intruder grab your credit card information

It is not clear how the cybercriminals obtained Nintendo's login data My guess is that they "comb through old data leaks and hope that the usernames and passwords are still available," otherwise known as "credential stuffing" However, there is always the possibility that a clever hacker has figured out a way to gain direct access to Nintendo's data banks

Until then, 2FA will keep you safe Remember, if you don't have 2FA enabled, you could be subject to identity theft And getting it overturned is a real problem