Nintendo confirms data stolen via third-party cyberattack - but sadly no big secrets were revealed

Nintendo confirms data stolen via third-party cyberattack - but sadly no big secrets were revealed

Shadowbyt3$ is asking for $2 million in exchange for the data, but Nintendo seemingly turned the offer down.

Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity. An “extortion-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees.

The crooks said they stole almost 1GB of internal data, which included personal details belonging to the company’s employees, and gave Nintendo of America 48 hours to engage in negotiations before leaking the files and demanded $2 million in ransom.

What is TinyPulse?

The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach didn’t affect the company’s gaming department, but rather employees who used TinyPulse.

TinyPulse is an employee engagement and feedback platform companies use to measure how employees feel about their workplace. It is best known for sending short, frequent "pulse surveys” to collect honest feedback from staff.

Nintendo’s response

In a statement given to BleepingComputer, Nintendo of America confirmed the third-party data breach.

“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed.”

“The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company stressed, adding that it is now “working with the service provider to address the issue”.

Aftermath

Shadowbyt3$ later shared a link to a data set allegedly containing direct messages and conversations between employees. This either means the negotiations broke down, or that the crooks were simply trying to put Nintendo under more pressure. No analysts yet confirmed the authenticity of the leaked information.

Via BleepingComputer

➡️ Read our full guide to the best antivirus:

1. Best overall: Bitdefender Total Security
2. Best for families: Norton 360 with LifeLock
3. Best for mobile: McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting. Please logout and then login again, you will then be prompted to enter your display name.