Well, this is not the news Nintendo wanted to hear. Apparently, a hacking group by the name of Crimson Collective claims they’ve successfully managed to hack into Nintendo’s systems, and have shared a screenshot seemingly showing files from those systems:
The picture the group shared, supposedly sharing directories on a Nintendo server
It’s worrying news given that Crimson Collective were the group that hacked Red Hat (a popular OS development company) a while ago, and gained infamy for their exploits in the last few years or so.
But is it true? And if it is true, what could the consequences be here?
As far as the first question is concerned, that’s definitely up for debate right now. Nintendo haven’t made any statement about a security breach relating to their systems yet, and the proof Crimson Collective ‘shared’ is definitely on the shaky side at best. Yeah, the list of directories does seem somewhat plausible as a software engineer, but it’s still just that. A picture showing a list of directories.
That doesn’t really prove anything. Yes, it could show an AWS bucket belonging to Nintendo or the contents on some major development server, but it could also show numerous other things too. It could show some directories relating to Nintendo of Europe, Japan, Australia or some other region, rather than anything particularly damaging to the company. It could show the contents of an old machine that the company hasn’t used years but forgot to take offline. Or heck, it could just show a bunch of directories the hackers set up locally. Without a confirmation from Nintendo (or anyone who works there), it’s currently impossible to know.
So while we’d say it’s plausible given the source involved, we’re not gonna assume one way or the other just yet.
Still, imagine the files are legit. Crimson Collective successfully hacked into Nintendo’s systems, and is about to hold the company for ransom. What could the effects here be?
Well, all sorts of things really. Many of which would be bad for not just Nintendo themselves, but their customers as a whole.
For one thing, it could have financial data relating to the official Nintendo store, or logs of Nintendo Network logins on the official website. That would be hugely damaging if true, and put many, many players at risk of being targeted by scammers or seeing their logins tested against other systems.
Yeah, we’re cautious enough to avoid reusing passwords here, but is everyone? Of course not. And some of those people are also the types to use simple dictionary words for their passwords too.
What’s more, that’s not even counting how much info for phishing could be included in those files and databases. Even if your password doesn’t get cracked and compromised or the site’s developers were wise enough not to have it store your credit card information on Nintendo’s servers, there’s still the danger that someone could use the names and addresses and contact details of Nintendo’s customers for future exploits down the line. Or abuse careless support staff that assume anyone with the person’s security question answers has to be the customer in question.
So, if like us you’re a Nintendo fan and have used their site to buy things before… it’s probably a good idea to change your password there soon. Or to at least make sure that you’re not using any of the info there in a way that could let hackers access other accounts.
As for possible consequences for Nintendo as a company… well, Crimson Collective seem to like holding companies for ransom under the threat that they’ll leak the stolen data if they’re not paid. Hence if any important game plans or Switch 2 technical info was on those servers, that could be very bad news for them indeed.
The terraleak gave hackers access to the files for Scarlet/Violet, Legends Z-A and gen 10, even if they didn’t release them yet
Since well, they really don’t want another Gigaleak or Teraleak on their hands. The idea of dozens of late Switch 1 era titles ending up on the internet is likely a nightmare scenario for them, as is the possibility that a Switch 2 dev kit or documentation gets leaked to the internet. Imagine the piracy scene now knows how the Switch 2 works internally and can use that info to extract data from the currently unhacked system and its games. It’d basically be the Switch 1 scenario all over again.
And that’s not even getting into the possibility of employee personal information getting leaked online. That already happened with the Teraleak to some degree (at least to Game Freak/Pokémon Company related staff), the idea of it happening to Nintendo employees as a whole would be even more damaging here.
So, the consequences for this being real are pretty damn severe indeed. Customer and employee personal data are on the line, and just about everything they’ve worked on could be at risk of ending up in the hands of random third-parties.
Here’s hoping for Nintendo’s sake that it’s not a real breach, or that the situation can be resolved quickly and without too many issues.
Source: