- Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom
- Nintendo confirmed third‑party TinyPulse compromise, stressing no customer or financial data affected and most info dated years back
- Hackers later leaked alleged employee messages; authenticity unverified, suggesting failed negotiations or pressure tactics
Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity.
An “extortion-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees.
The crooks said they stole almost 1GB of internal data, which included personal details belonging to the company’s employees, and gave Nintendo of America 48 hours to engage in negotiations before leaking the files and demanded $2 million in ransom.
What is TinyPulse?
The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach didn’t affect the company’s gaming department, but rather employees who used TinyPulse.
TinyPulse is an employee engagement and feedback platform companies use to measure how employees feel about their workplace. It is best known for sending short, frequent “pulse surveys” to collect honest feedback from staff.
In a statement given to BleepingComputer, Nintendo of America confirmed the third-party data breach.
“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed.”
“The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company stressed, adding that it is now “working with the service provider to address the issue”.
Shadowbyt3$ later shared a link to a data set allegedly containing direct messages and conversations between employees. This either means the negotiations broke down, or that the crooks were simply trying to put Nintendo under more pressure. No analysts yet confirmed the authenticity of the leaked information.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1920-80.jpg
Source link
