Calling themselves Shadowbyt3$, a group of attackers claimed responsibility for stealing employee data from Nintendo of America. The cybersecurity incident did not directly affect Nintendo’s servers. A vulnerability has been exploited at a service providerthe TinyPulse survey platform (WebMD Health Services).
What is the nature of the stolen data?
The Shadowbyt3$ group, which presents itself as an on-demand extortion service, claims to have exfiltrated nearly 1 GB of data. He said the information includes full names, email addresses, bank statements, taxpayer forms and internal reports dating from 2016 to 2026.
To prevent the disclosure of these files, the attackers set a $2 million ransominitially giving Nintendo 48 hours to begin negotiations. Subsequently, they published a link to data that allegedly contained messages between employees, suggesting that their requests were not met.
Nintendo’s reaction to the cyberattack
Nintendo of America is downplaying the scope of the cybersecurity incident. ” We are aware of an issue involving TinyPulse, a third-party service used for internal surveys. “
Nintendo insists that ” Nintendo’s systems were not compromised, and no personal customer or financial data was accessed. “
According to Nintendo, the affected data is limited to internal survey content comprising a small subset of employees, and most of the information is several years old.
No panic for users
For millions of players around the world, the impact of this cyberattack is therefore zero. In fact, users do not have to take any particular action.
