Back in April, Nintendo confirmed that roughly 160,000 user accounts might have been accessed by ill-intended attackers. The attackers exploited a vulnerability in the Nintendo Network IDs, an older login system that was prominently used during the Nintendo 3DS and Wii U era, but could still be used to access the newer account system.
Today, the company updated its statement, revealing that, during a subsequent investigation, it found that 140,000 additional accounts may have been accessed this way. That brings the total number of affected users to roughly 300,000, which isn't something to scoff at. However, Nintendo says that, out of all the accounts that were accessed this way, less than one 1% might have been used to make any kind of purchase. Regardless, the company says it has refunded most of the purchases for those affected, and that it will continue to refund users who may have had their money stolen through this attack.
Just like before, Nintendo has reset passwords for both the Nintendo Network IDs and their respective linked Nintendo accounts, and it's still suggested that you set different passwords for both login methods. It's worth keeping in mind that Nintendo Network IDs can no longer be used to log into a Nintendo account since the breach was first discovered in April.
Nintendo also recommends using two-factor authentication to help prevent this sort of attack. This system sends a unique login code to your smartphone or other device every time you attempt to login, so third-parties can't access your account even if they know your password. While Nintendo specifically mentions Google Authenticator, we've verified that Microsoft's Authenticator app also works for this purpose. Keep in mind that there's no option to use SMS codes, so you will need a dedicated app.