Many users are reporting that hackers have managed to take over their Nintendo accounts and use their PayPal to buy stuff on Fortnite. Even worse, many stated that they were able to retrieve their account, changed their passwords, and somehow got hacked again. The only way to protect yourself right now would be to enable two-factor authentication. Nintendo is officially urging users to do it, while numerous users state that the Japanese gaming company was open to refunding fraudulent charges.
My nintendo acc got hacked a few weeks ago but I caught it fast enough, and my bf's account just got hacked yesterday. This has been happening to a ton of people and most cases result in $100+ charges for fortnite currency.. Would highly suggest setting up 2factor ASAP
— cillia ☆ (@cillia) April 19, 2020
Whoever hacks Nintendo accounts to buy Vbucks with Paypal for Fortnite, I hope you step on Lego's for the rest of your life and Karma will strike.
— ꧁Littlemyuu꧂ (@_Sceptile_) April 17, 2020
Searching on Twitter, we’ve found that it has been happening since the beginning of the year, albeit not at the current increased rates. ZDNet has found that there’s an uptick in associated listings on dark web markets right now, offering “V-Bucks” acquired from Nintendo Switch accounts. It looks like hackers rely on players who are self-isolating at home and would prefer to pay less for Fortnite currency. Epic Games sells 13,500 V-Bucks for $100, but hackers are selling the same amount of in-game currency for just $25. In some cases, $40 would buy you 40k V-Bucks, so you can get the marketing idea here.
Nintendo is advising its customers to regularly review their sign-in history to identify any abnormal events, reset their credentials, sign out from all devices, and enable two-factor authentication. If you have added payment methods on your account, review the purchasing history now and try to identify any activity that doesn’t match your own. The sooner you report the fraudulent activity to Nintendo, the more likely it is that the gaming company will be able to offer compensation. However, you should not rely on that, but instead, do everything you can to protect your account proactively.
We would suggest that you remove payment authorization if possible and use one-time cards like “Pay-Safe,” or add them each time you need to purchase something. I know this doesn’t sound very convenient, but the truth is convenience and security are rarely a harmonious match anyway. Every time you enjoy the leisure of one-click purchases, you are giving away chunks of security. The players who report having been hacked have lost between $100 and $300, and while these amounts aren’t catastrophically large, they are still significant, especially during these rough times.