Nintendo has confirmed that a Nintendo Account breach has indeed took place.
As many as 160,000 accounts are possibly effected in a hack from early April. Nintendo Japan released a statement (translated by Kotaku) that pins the hack on old Nintendo Network IDs (NNIDs). Wii U and 3DS systems utilized NNIDs, but have since been replaced with Nintendo Accounts on Switch. However, users could connect their old NNIDs to their accounts. It appears that hackers were able to use those NNIDs and log into player’s Nintendo Accounts who utilized the same password for both services.
As for what information the hackers could have gotten, Nintendo says no credit card info was stolen. However, they could have access to their nicknames, birth date, country, gender, and email. To combat future threats, Nintendo has disabled NNID logins and automatically reset the passwords of all breached accounts. They’re also pushing all users to enable two-factor authentication.
Whether breached or not, we recommend all users with a Nintendo Account connected to an NNID reset their password. Better to be safe than sorry. If you see an unauthorized purchase on your account, contact Nintendo Support immediately.