[Security Weekly] Nintendo User Accounts Compromised and Used for Fraudulent Purchases
1st Week of May 2020
1. Over 160,000 Nintendo user accounts compromised and used for fraudulent purchases
Since mid-April, Nintendo users have been posting on social media about their accounts being hacked, raising speculation and concern. Some users complained that their payment cards had been abused to purchase online games and in-game currencies such as Fortnite V-Bucks.
On April 24, Nintendo eventually confirmed on its Japanese website that the accounts of roughly 160,000 users had been compromised since the beginning of the month. After an investigation, Nintendo claimed that the hackers exploited a vulnerability in its NNID integration.
Nintendo Network ID (NNID) was the authentication system used for older devices such as the Wii U and 3DS. Newer devices such as the Switch use a new authentication system called Nintendo Account instead. Users of Nintendo Accounts are still allowed to link their old NNIDs to their new accounts. It is this integration that led to the hack.
Nintendo did not provide further details on how the vulnerability was exploited. After confirming the incident, the company immediately contacted all impacted users via email and forced password resets on all those affected. It has also stopped accepting old NNIDs for logging into newer devices. Users who had already linked their old NNIDs to their new Nintendo Accounts are advised to change the passwords for both accounts.
Despite having no evidence yet, Nintendo is also warning the affected users that their date of birth, country of origin, and email address might have also been compromised.
2. Data of biopharmaceutical firm ExecuPharm leaked online after ransomware attack
ExecuPharm is a major manufacturer of clinical trial management tools, and a subsidiary of global biopharmaceutical giant Parexel. Earlier this week, the company filed a letter with the Office of the Vermont Attorney General reporting a data breach involving the sensitive information of 5,000 of its employees.
According to the letter, ExecuPharm suffered an attack from the Clop ransomware group on March 13, which hit many of its servers. It was not until recently that the company found out that the confidential information of many of its employees had been posted on the dark web.
The compromised data include the passport numbers, driver’s licence numbers, social security numbers, taxpayer IDs, bank account and credit card numbers, as well as insurance information of its employees.
ExecuPharm has contacted law enforcement and cybersecurity firms for help, but it is not yet clear how the case will be handled. Ransomware attacks accompanied by data breaches are becoming increasingly common. Just two weeks ago, another double extortion ransomware attack led by the DoppelPaymer ransomware group hit Torrance, California.
3. Vulnerability in WordPress plugin puts 100,000 websites in danger
On Monday, Wordfence disclosed a critical cross-site request forgery (CSRF) vulnerability found in Real-Time Search and Replace, a WordPress plugin that is currently used by more than 100,000 websites.
Real-Time Search and Replace is a plugin that allows the website administrator to replace site content without changing the existing source code. This is possible because the find and replace happens in real time, right before a page is delivered to a user’s browser.
The developers have now fixed the vulnerability. All users of the plugin are advised to update to version 4.0.2 immediately.