Earlier this year, Nintendo has confirmed that 300,000 Nintendo Network ID accounts had been compromised by way of “unauthorized logins”.
Currently, Nintendo mentioned that users’ login ID and passwords were “obtained illegally from other services by some other means” thus there are 3 likely situations.
1️⃣ Credential stuffing - attackers take usernames and passwords from other breaches and try them against assorted other services. If you reuse passwords between accounts, then you can fall victim to this attack methodology.
2️⃣Phishing- attackers trick you into disclosing your login details by sending you to a cloned site, or some other means of deception.
3️⃣ Brute force, where "weak" and common passwords are quickly discovered by an attacker.
Setting an easy password is indeed more convenient to remember, but also becomes an easy target as well. In this case, users that have the same password for their Nintendo network ID and Nintendo accounts, are potential targets of having their paypal account fall prey onto wrong hands.
Nintendo is also encouraging users to make use of the two-factor authentication option that is available to them as an additional layer of security.
