2017年1月24日 星期二

Warning: Nintendo Network Passwords Have Been Leaked

https://gamingreinvented.com/news/warning-nintendo-network-passwords-leaked/

Warning: Nintendo Network Passwords Have Been Leaked

By CM30 on January 23, 2017
No comments
Do you use Nintendo Network? Like say, to buy eShop games or DLC on the Nintendo 3DS or Wii U?
Then you should go and change your password right now.
Why? Because as the title suggests, around 450 Nintendo Network accounts were hacked this month, with the full details posted online in a list. Which means anyone affected is just one Google search away from having hackers or other scumbags logging into their Nintendo Network account and impersonating them online. Or worse yet, using their money to buy games from the eShop.
Now, for legal and ethical reasons, we are not linking to the list here. Nor is anyone in the Reddit topic, on Source Gaming or any other site covering the leak.
Instead, we have contacted the data breach search site ‘Have I Been Pwned’ with the list in question. This should soon let you check if your account has been hacked by entering the Nintendo Network ID here:
You can also check the usernames on this plain text list, uploaded by someone on the Nintendo subreddit:
Either way, check if your account has been hacked, and change your password immediately if it has been. And if it hasn’t, maybe change it anyway, just to be safe.
Sorry for any inconvenience this article may have caused.
Source:

[WARNING] PASSWORDS WERE TAKEN FROM MIIVERSE AND PEOPLE'S NNID. CHANGE YOUR PASSWORDS IMMEDIATELY. (self.nintendo)
submitted   by epicmartin7
Online, there is a pastebin floating around with Passwords of several NNID users out there. I did make a post yesterday saying there were rumors of that and these passwords did surface on a certain webpage.
I'm not allowed to link them here for several reasons, but it is HIGHLY recommended you change them this instant.
EDIT: So its recently came out that PF2M did the breach and got mainly everything from nugget bridge's leak. This means those who weren't on that site should be alright with their NNID's (hopefully) untouched.
Athough, it'd still be advised to change your password just to be safe.
顯示所有207
排序依據: 
最佳
[–]ExaskryzWhere's the inkling girl at 442 指標  
I got a hold of the leak. I'll be pasting soon what NNIDs were compromised (with passwords redacted).
Of course, this is not all inclusive. There could be more compromised accounts than the link I could find.
Edit: http://pastebin.com/3rJDwBqn - if your NNID is on here, your account has been compromised and anyone can access it until you change your password. The passwords are still publicly available, hence me being able to even get the list.
[–]epicmartin7[S] 103 指標  
I know a person who just messaged the website "have you been pwned" with the list. So users should hopefully be able to check if they got their passwords leaked or not.
Posting the leak of NNID users too (minus the passwords of course) should definitely help out for those who are concerned as well.
[–]ExaskryzWhere's the inkling girl at 35 指標  
Have that person compare against my list at http://pastebin.com/3rJDwBqn to verify we came up with the same users. I'm not sure how to go about messaging the have you been pwned, and it looks like it automatically pulls from pastebin if there are email addresses posted, which is not the case with mine.
[–]epicmartin7[S] 12 指標  
So I just PM'd him just to kind of speed up the process. I'll let you guys know what he says.
[–]epicmartin7[S] 6 指標  
I'll try to get in contact with him.
[–]ukulelej 39 指標  
have you been pwned
"Pwned" is so cringeworthy in retrospect.
[–]GamerBlue53XENOBLADE 2 > BOTW 54 指標  
But it was so hip back in 2007.
[–]Tuneuponipod 28 指標  
Oh god that was 10 years ago.
[–]1kneD6N1 [分數隱藏]  
It's way older than that. Pwned has been used by hackers at least since the 90s.
First time I saw it in gaming was in Starcraft like 20 years ago.
[–]awesomewinterllama [分數隱藏]  
Oh god... 20 years? 😓
[–]LetThemEatKarma [分數隱藏]  
It actually first showed up in a custom game on starcraft. The creator mistyped a message as pwned rather than owned.
[–]theprettychillguy4184-4508-7894 [分數隱藏]  
TIL
[–]2crudedudes [分數隱藏]  
It's a real common misspelling (given that the O and P keys are right next to each other)
[–]wOlfLisK [分數隱藏]  
I thought it was a Dune custom game, half a decade earlier than Starcraft.
[–]perfect_disguise [分數隱藏]  
We're talking about "mainstream 1337 h4x0r speak" not when it was first used But hearing "custom Dune game" reminds me of that video posted a couple weeks ago about that guy in his 60's multi boxing in Asheron's Call during its final hours.
[–]perfect_disguise [分數隱藏]  
More like '98-2004 Counter-Strike
載入更多留言 (5 回覆)
    [–]Magitroopa 3 指標  
    Messaged what site? This reddit?
    [–]epicmartin7[S] 56 指標  
    This website. https://haveibeenpwned.com/ Which tracks whether your account has been stolen/leaked.
    [–]Volerikan 49 指標  
    TIL I have a Tumblr account.
    [–]PokemonFan2000MPF2M 9 指標  
    And I apparently have a MySpace account made from my super-secret email from 2002 that no one else knows about, so.
    [–]DarkDrifloonStarting my new life as a shiny pokémon hunter! 5 指標  
    Lol, I had 3 accounts I used for Minecraft hacked. Don't give a shit tbh
    [–]Step1Mark [分數隱藏]  
    The trouble isn't about what accounts have been hacked but what accounts might have sensitive information such as the same passwords used on other acocunts or account reset questions that could help gain access to your email or bank accounts.
    [–]DarkDrifloonStarting my new life as a shiny pokémon hunter! [分數隱藏]  
    Oh yes, I'm full aware of that. I was talkimg about my own situation.
    [–]inatspong 5 指標  
    Apparently I was hacked in the Gawker media hack in 2010. I had changed all my passwords when that happened just in case. Apparently that was a good idea.
    [–]brandong567I<3Melee 6 指標  
    Wow I've been hacked a lot, and I was never notified. Wow
    [–]Alexxan 4 指標  
    Oh apparently my old MPGH account got leaked 2 years ago and I never changed my passwords. Edit: and on my second MPGH account with a different email too. Huh.
    [–]pokedude728Gary Mother F-ing Oak! 4 指標  
    huh, apparently I have a Neopets account.
    [–]FlowerDrops 2 指標  
    My xat has been hacked. middle school flashbacks
    [–]PKMNTrainerDiamond [分數隱藏]  
    Hacked from my neopets account oh god
    [–]rileyrulesu 48 指標  
    There's only 400? So this probably wasn't a hack, but probably people who fell for a phishing scam or something.
    [–]Mr_Phishfood 21 指標  
    Looks like it, no way a hack would only reveal 400 users.
    [–]HowdyDoodlyDoo 11 指標  
    It seem to be someone who used a load of passwords from gained from hacking a Pokémon fan site.
    [–]jugol [分數隱藏]  
    It's not a direct hack on Nintendo Network. Months ago hackers leaked a large user list from Nugget Bridge, a website where competitive Pokémon (VGC) players gather (or gathered, the website has been quite inactive since the hack). Someone decided to test the usernames and passwords on Nintendo Network, I guess these 450 are the ones who worked. If you examine the list will notice a lot of the compromised users end in "VGC".
    The leaker commented here explaining better what happened.
    The lesson here is, don't use the same user and the same password for different sites.
    [–]PadankadankNNID: Cormin 33 指標  
    Only 440 users?
    [–]moodyssbmIt's time to go on a little adventure... 76 指標  
    Isn't that basically every Wii U owner? /s
    [–]1338h4x#FreeProjectM 78 指標  
    Wow, ctrl-f'd myself (missingno) and there's someone one letter off. Just barely dodged that bullet.
    [–]MissingNo29 24 指標  
    Heh, same, my nnid has MissingNo in it as well.
    [–]PigmaskFan 10 指標  
    Same here!
    [–]MissingNo29 6 指標  
    Hello fellow glitch!
    [–]MissingNoL 17 指標  
    I AM COMPROMISED
    [–]MissingNo29 11 指標  
    We should find that hacker and corrupt his hall of fame!
    [–]WryBones 10 指標  
    Thank you for doing this, and thank goodness I'm not on the list.
    [–]Roshy76 7 指標  
    So if I just have a my Nintendo account I can't be part of this hack right? I'm a little confused on the number of different accounts Nintendo has. I have no idea why it all isn't under one account umbrella.
    [–]KotoElessarBroke(n) 5 指標  
    It is under one account umbrella but the hack was specific to the miiverse website and those logging in to the miiverse site with their nnid (as far as we know) It is possible that the list is a snapshot of a larger file as proof they accessed the information; it is equally possible the list was the entirety of the information stolen before they were booted from the system.
    Either way its a good idea to update your nnid password periodically anyway.
    EDIT: It appears to be part of the NuggetBridge Hack U/PokemonFan2000M explains it more here
    [–]billbaggins [分數隱藏]  
    I just had a thought, not that i think it's happening here.
    You know what would be a brilliant move by the hackers?
    If they made a fake list of "compromised" accounts with no one's actual NNID on them.
    Give everyone a false sense of security.
    [–]hipokryzja 2 指標  
    Thankfully I'm not on that list, but I still swapped out my password just to be safe.
    [–]NintendoGurkanThe Game Boy [分數隱藏]  
    My name wasn't on that list, but I just changed it anyway.
    [–]Zennistrad 1 指標  
    Whew, looks like I'm still safe.
    [–]MichaelBurnsTheThird 1 指標  
    Thanks for posting! Glad to not find myself on the list.
    [–][刪除]  
    [deleted]
      [–]ExaskryzWhere's the inkling girl at 1 指標  
      There could be more compromised accounts than the link I could find.
      [–]jado1stk 1 指標  
      Phew my name isn`t there
      [–]Lewpa [分數隱藏]  
      Thanks for posting this list!
      [–]LightsaberCrayon 146 指標  
      If this is actually true, it's extremely unlikely the passwords were obtained by "hacking". Passwords are almost never stored on servers, only password hashes. If someone has compromised NNID passwords, they were probably obtained by phishing.
      [–]ExaskryzWhere's the inkling girl at 60 指標  
      I agree. There's only a little over 400 accounts in the list I found and only one password looks readily dictionary-attacked. There are passwords on there that could only be guessed with bruteforcing (the equivalent of x&pkN02!z), and if someone is going to bruteforce passwords like that, they probably have a lot more accounts.
      It is possible only a small selection of accounts were posted in the first leak and there are many more from the original hacker, but I would bet on a phishing attempt. In the list are some accounts where capitalization varies for the NNID, which suggests the victim tried their name twice when they noticed the first login didn't work.
      [–]squirrelboy1225 28 指標  
      This is almost definitely a result of the Nuggetbridge hack and people reusing passwords. Most everyone on there is a VGC player/competitive mons player.
      [–]ExaskryzWhere's the inkling girl at 16 指標  
      Ah, could someone crosslink this post into /r/pokemon? Sounds like the victims may have pokemon in common. (I mentioned elsewhere that a lot of the passwords used the name of a Pokemon.) I'm banned there (what silly mods) so I can't.
      [–]kmeisthaxPK Love was too tame for him. 22 指標  
      Passwords are almost never stored on servers, only password hashes.
      Ostensibly this is the case, but in reality we've had plenty of instances of:
      • People not hashing the password at all, allowing passwords to be immediately reused
      • People not using any kind of password salt, allowing identical passwords to be found and rainbow tables to be used
      • People using a block cipher in ECB mode instead of a hash, allowing identical 8-character prefixes of passwords to be found
      • People using a cryptographically secure hash (any of the SHA or MD series hashes) instead of an intentionally slow password hash (such as bcrypt or scrypt), allowing common passwords to be guessed at high speeds if the hash is compromised
      [–]LightsaberCrayon 8 指標  
      As /u/Exaskryz said above, the passwords in the original pastebin (and the very small number of accounts contained therein) don't look like rainbow tables or anything in your last three bullet points could have been at fault. So unless the passwords were stored as plaintext, which is again, extremely unlikely, there was no hack here.
      Also, see the infinitely more plausible explanation of password reuse from a 3DS homebrew leak.
      [–]xkcd_transcriber 2 指標  
      Title: Encryptic
      Title-text: It was bound to happen eventually. This data theft will enable almost limitless [xkcd.com/792]-style password reuse attacks in the coming weeks. There's only one group that comes out of this looking smart: Everyone who pirated Photoshop.
      Stats: This comic has been referenced 40 times, representing 0.0275% of referenced xkcds.
      [–]einstein95 11 指標  
      Or more likely, the 3DSISO leak.
      [–]LightsaberCrayon 4 指標  
      I'm not familiar with 3DS homebrew and hacking, can you explain what/when that leak was?
      [–]ExaskryzWhere's the inkling girl at 7 指標  
      I'd like to hear more on this as well. A lot of the passwords had the names of Pokemon in them, which suggests people likely had a 3DS to enjoy the Pokemon franchise, and may have tried to install some homebrew.
      [–]einstein95 4 指標  
      Thursday, 24th September 2016. Usernames, emails and passwords were leaked from 3DSISO.
      [–]Emu117 2 指標  
      wow people actually have proper passwords on ware sites? Mine are always "password" with a temp email
      doesn't matter if someone steals it, not like they can do anything with it.
      [–]Mariomaster2015A Poochy Man with a Poochy Plan 37 指標  
      Can confirm, my NNID is part of that PasteBin with the correct password.
      Edit: Wait... My ID is Pokemaster08, not Pokemaster008.
      :P
      [–]mjmannellaThat's just my opinion. Don't worry about it too much 14 指標  
      Good luck man. Hopefully this won't be too much of a hassle for you.
      [–]Mariomaster2015A Poochy Man with a Poochy Plan 15 指標  
      I changed it, so, hopefully, I should be okay.
      [–]XXShigaXX 15 指標  
      By any chance, did you have an account on 3DSISO? There's a chance that the account information stolen from there were reused on multiple NNIDs to see if they would work.
      [–]PokemonFan2000MPF2M 1 指標  
      Sorry I posted your stuff, dude. I did not intend to cause anyone setbacks, in fact I have no clue why I thought posting credentials publically like this was a good idea. Hope everything's okay now.
      [–]ShubertoFreshly-Picked Rupee Addict 18 指標  
      Honestly though, why did you post the passwords to begin with? Not trying to be rude or judgmental, we've all done our fair share of stupid shit. Just really curious what made you think this was a good idea in the first place?
      [–]azthal 4 指標  
      Well, to be completely honest, in this case it matters little. In fact, disclosing this may even be better in the long run, although the means in how it was done is despicable.
      The actual passwords were leaked a month ago in the Nuggetbridge hack. That means that any cyber criminal that wanted it already had these logins and password. All that PokemonFan2000M here did was confirm which users have been silly enough to give a 3rd party website both their NNID and their Nintendo password through password re-use.
      I seriously doubt that /u/PokemonFan200M is the only one to check which users from NuggetBridge re-used their passwords both there and at Nintendo.
      Obviously a better way of doing this would have been through responsible disclosure, but when it comes down to it, any criminals that would be interested in these logins already had them.
      [–]PokemonFan2000MPF2M 0 指標  
      As linked here before in a seperate comment, I did a poll on a Miiverse fanpage asking if people would be okay with this, and 74% of readers responded with either "oh, cool" or "uh okay I guess", and I didn't think it would go very far.
      [–]ShubertoFreshly-Picked Rupee Addict [分數隱藏]  
      That doesn't really explain YOUR reasons behind doing this, it just shows that you tried to put the burden of responsibility on an anonymous internet poll instead of making a decision by yourself. It also shows that you weren't' sure whether posting this was a good idea in the first place, you might want to take that as a clue next time.
      [–]Mariomaster2015A Poochy Man with a Poochy Plan 4 指標  
      Everything's sorted out now.
      Thank you for admitting to your mistakes, at the very least.
      [–]jgrizzy89 4 指標  
      At least it was confirmed.
      [–]silentdaze [分數隱藏]  
      Were you a Nugget Bridge member and part of that leak?
      [–]Mariomaster2015A Poochy Man with a Poochy Plan [分數隱藏]  
      Nope. It wasn't my NNID though...
      [–]ByDarwinsBeardI'm a pretty princess 0 指標  
      Have you made use of 3DS homebrew?
      [–]Mariomaster2015A Poochy Man with a Poochy Plan 2 指標  
      Nope.
      [–]TotesMessenger 14 指標  
      I'm a bot, bleepbloop. Someone has linked to this thread from another place on reddit:
      If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)
      [–]SnivyLink 18 指標  
      Poor people who don't have Reddit to even be warned about shit like this.
      [–]ShubertoFreshly-Picked Rupee Addict [分數隱藏]  
      Huh?
      [–]MrRom92 8 指標  
      So if we're not in the pastebin do you think there's anything to really be worried about at the moment? What's the most malicious thing that could be done with a NNID?
      [–]kyle1elyk 6 指標  
      The pastebin is a minimum of users affected, and there is a list with passwords. It was just removed from the one above. You might still be affected so it wouldn't hurt to change it to be safe.
      [–]Nitpicker_Red 2 指標  
      It might be the full list. Post from leaker:
      It is actually recouped from an older leak from a different site, and only 440 passwords and names were re-used/shared between that site and Miiverse.
      [–]ExaskryzWhere's the inkling girl at 5 指標  
      In addition to what /u/kyle1elyk says, it is possible that funds on your account could be spent in ways you wouldn't want.
      I've never purchased from the eShop with a credit card, and it's been a long time since I used a points card, so I'm not sure the extent of harm to your account with fraudulent purchases. If CC information is accessible on your account/stored on Nintendo's servers to make purchasing convenient, then theoretically the user could run the card up if not outright steal it (if the info is viewable by the end user), but I don't think that's the case. Someone may confirm.
      [–]LightsaberCrayon 7 指標  
      You can store CC info in your eShop account, but in order to do so you have to choose a separate password to protect access to it.
      Edit: Someone could spend your eShop points, though.
      [–]ByDarwinsBeardI'm a pretty princess 4 指標  
      Your credit card card number seems to be stored on the system itself, rather than the account. I know I had to enter my number on each console I've owned.
      [–]LightsaberCrayon 1 指標  
      Thanks, that makes a lot of sense.
      [–]HSAMSNINTENDOOOOOOOOOOOOOOOOOOOMED 4 指標  
      Deleting the account.
      [–]MrRom92 2 指標  
      Welp, that would certainly blow. Guess I'll change my password tonight, thanks
      [–]Riverstrider 2 指標  
      Maybe there aren't too many things with just the NNID by itself, but if someone used the same username/password combo on another account for a more "useful" site, that account is now in danger of being compromised as well.
      [–]Alphafraud 2 指標  
      Spend any outstanding store credit. When you buy a game you ca neither choose to buy the game or load up cash on the store (so future purchases can be instantly)
      [–]PokemonFan2000MPF2M 257 指標  
      Leaker here, I've immediately taken the Pastebin down due to abuse and regret. The usernames/passwords were taken from a public nuggetbridge.com leak, about a month ago I wrote a script to brute-force the data against id.nintendo.net and compiled a list of 400 working IDs. (I later took 40 more from an older Pokemon fangame leak as well, bringing the total to about 440.) Then late one night a week or two later I was bored and decided to put 100 of my NNIDs for fun on an unlisted Pastebin page, and posted it publicly to an active Miiverse community. About 3 people saw it before it was taken down, and then it went quiet... until one of my friends discovered the leak somehow and posted it EVERYWHERE, and the entire community was completely flipped upside down. Then the same friend convinced me to give him my extended 440-account leak, and we got to where we are now. I'm not going to be posting any more passwords from here on out, as I don't want this situation to happen again. I can give any proof you want via PMs, as long as you don't want me to do something else on that level of evilness. (Some people are already asking me to dox certain Miiverse users, which I'm not going to do)
      Here's a usernames-only version of the Nugget Bridge leak for comparison to the pastebin linked in the top comment, for another example. Feel free to downvote me all you want now, I probably deserve all of it.
      [–]Dipwod 100 指標  
      But why?
      [–]Dlgredael/r/YouAreGod, a roguelike citybuilding life and God simulator [分數隱藏]  
      Piece of shit looking for attention, he's doing the same thing with the "please pity me I'm so sorry for what I've done" post.
      [–]PokemonFan2000MPF2M [分數隱藏]  
      This is not the type of attention I want. Call me an attention seeker if you want (you're not that far off, if I'm being totally honest), but getting all my social media pages spammed with "what the fuck is wrong with you" is really not my idea of fun.
      [–]Dlgredael/r/YouAreGod, a roguelike citybuilding life and God simulator [分數隱藏]  
      You 100% want attention, that's why you're here posting about it. "Oh I'm soooo sorry I( released a bunch of password information, please come and shower me with love and understanding because I'm so humble."
      Fuck off asshole,I have no respect for shitty douchebags like you. You make little kids cry so people on the internet will notice you, your life is fucking pathetic.
      [–]Frogdier [分數隱藏]  
      Then what is your idea of fun?
      [–]Viola_Buddy [分數隱藏]  
      From a non-hacker's perspective, doing this sort of thing is inconceivable from an ethics perspective. From a hacker/programmer's perspective, unless you take a step back, doing something like this is actually just like anything else you're doing. You might try to view the source of a website to see how they do cool effects (clearly not morally wrong), and then go one step further and actively poke around a website to see how it handles edge cases, and then you wonder about how it handles password management, and then voilà, you get this situation. It's important to step back and think about the ethics sometimes, no matter how harmless what you're doing seems to be, but it's easy to get caught up and forget to.
      This is not a justification for why such hacking may be morally right (I think we agree that it's not, or even if it is, that it was handled poorly in this case). It is, however, an explanation for why it happens.
      [–]LiefKatano [分數隱藏]  
      But then why not keep it a secret? Why post the passwords for the world to use?
      [–]Viola_Buddy [分數隱藏]  
      That's why I say it was "handled poorly." I suspect this was a rash decision because other leaks also post them publicly (perhaps maliciously, perhaps in hopes that these users see them first before malicious hackers), but I can't be sure.
      [–]PokemonFan2000MPF2M [分數隱藏]  
      This is actually pretty accurate, even I didn't think of it that way. Interesting view on it.
      [–]usr_bin_laden [分數隱藏]  
      Honestly, most people that hack stuff do it for the challenge. It's like a puzzle!
      [–]Dipwod [分數隱藏]  
      A really shitty puzzle where all the pieces are made of shit and at the end it makes a picture of shit and then everyone feels like shit.
      [–]InferSaime [分數隱藏]  
      I can understand that but why would they share it
      [–]gorocz 26 指標  
      The usernames/passwords were taken from a public nuggetbridge.com leak, about a month ago I wrote a script to brute-force the data against id.nintendo.net and compiled a list of 400 working IDs.
      So, as I thought, Nintendo's servers themselves weren't compromise, just people having bad password security...
      [–]fr0z3nph03n1x [分數隱藏]  
      Yea, as are many hacks, often one site gets compromised and people who don't use unique username and passwords lose their other accounts too. This is a good time to suggest a strong password manager like keepass, lastpass or 1password.
      The fan fourm hack is probably one of the oldest in the book. People used to setup fan sits just to get access to accounts back in the ragnarok hayday.
      [–]XTheBlackSoulX 59 指標  
      Owning up to a mistake is hard as fuck to do, at least you did that much.
      [–]calobbes 19 指標  
      While what you've done was terrible, kudos for actually owning up to it and trying to clean things up. Good job on that front.
      [–]magnamaduin 33 指標  
      Downvotes are for replies that aren't relevant to the topic. This should be the most upvoted reply.
      [–]Inimitable 34 指標  
      It almost physically hurts to upvote him. But I powered through.
      [–]GlorySeer 9 指標  
      So to be clear, this leak doesn't go any further than the user names on the Nugget Bridge list/the pastebin list in the top comment, correct? While changing your password is never a bad idea when something like this happens, I'm asking so people know if they should actively be doing that everywhere that shares a password (and/or panic). Obvious the people on both lists were using shared passwords already, so there's always a risk of other accounts being compromised as well.
      [–]ExaskryzWhere's the inkling girl at 6 指標  
      I'm asking so people know if they should actively be doing that everywhere that shares a password (and/or panic).
      I would and wouldn't worry about reused passwords in a case like this.
      So, my understanding from /u/PokemonFan2000M is people signed up to a Nuggetbridge with a username that matches their NNID, and used the same password.
      Had I been reusing passwords and my name Exaskryz was in the list, I would want to change my password not just for my NNID, but for every site that I've signed up with the username Exaskryz (such as Reddit).
      But because I don't reuse passwords, I'd be fine.
      On the other hand, if you change up your usernames from website to website, but stick with the same password, I'd worry about this. There are "master lists" of passwords that are compiled from all kinds of leaks, to be used in essentially dictionary attacks. If your routine password gets added to this list, then later in a non-related actual hack to another website or service, your account there could be compromised as your routine password is matched with the other account.
      [–]PokemonFan2000MPF2M 0 指標  
      Yeah, it didn't go far from Nugget Bridge. If you were on the list and accounts with the same password come up when you type your username in in Google, there should definitely be reason for panic. I also always recommend Have I Been Pwned like others here have, so you can know about any leaks that have happened that involve your accounts, and even get email notifications about them if you want.
      [–]windwaker910 [分數隱藏]  
      You did that "for fun"? Jeez dude. I pity you.
      [–]SnapAttack 8 指標  
      about a month ago I wrote a script to brute-force the data against id.nintendo.net and compiled a list of 400 working IDs.
      So the Nintendo ID website didn't stop you after a few attempts of guessing the password? Wow, that's user security 101 there. If Nintendo keep credit card details against NID, this could be in breach of PCI compliance too.
      Did you inform Nintendo of this before you posted it publicly?
      [–]dasdull 4 指標  
      Well, since he had the passwords, I guess he only did one attempt for most of the accounts.
      [–]SnapAttack 2 指標  
      Ah of course, so it'd be user accounts sharing passwords. Gotcha.
      Another reason to not use the same passwords for everything.
      [–]Wiinamex 14 指標  
      Dumbass
      [–]Imp0924 [分數隱藏]  
      Could you try describing the process in more detail?
      載入更多留言 (2 回覆)

        張貼者:

        沒有留言:

        張貼留言

        訂閱: 張貼留言 (Atom)