Nintendo has once again been the victim of a data breach this year. Like previous leaks, information regarding the Nintendo Switch game console was posted on 4chan. In particular, the attackers released data on the development of Switch, including the 2015 SDK and documentation related to the security of the console.
However, according to the Forest of Illusion Twitter channel dedicated to Nintendo, the security mechanisms described in the documentation are not relevant for the final version of the console, which significantly reduces the potential impact of the leak. According to Forest of Illusion, the leaked data only concerns early 2014 Switch prototypes.
In addition to information about the development of Switch, the December leak also contains internal documentation of the company shedding light on the very extreme methods that it resorted to to “hunt” for a hacker breaking into its consoles.
According to the documents published by the hacker under the pseudonym Eclipse, Nintendo was collecting data on a certain hacker Neimod, who hacked the Nintendo 3DS in 2013. Forest of Illusion has supplemented the information provided by Eclipse with internal Nintendo documents that provide details of Neimod’s personal life, including his address and a description of his regular work week.
However, Nintendo did not limit itself to collecting information about Neimod and came up with an entire plan to “process” it. As you can see from the screenshots of the correspondence with the hacker on IRC, the company secretly squeezed out information from him and changed its reaction depending on what he said. The Neimod “turnaround” plan turned out to be very detailed, with several steps and their potential results shown in a flowchart.
The new leak also contains a detailed plan for Nintendo’s rapprochement with Neimod, including timestamps. These plans mention a special “contact group” that was supposed to contact the hacker after he returned home on Monday. The Contact Group approached him “friendly, non-threatening, professional and courteous,” praising his “engineering / software ability” and asking “to stop hacking into Nintendo systems / products.” If a compromise could not be reached, Nintendo intended to prosecute Neimod and show him a draft of the complaint in order to “demonstrate the seriousness” of its intentions.
In 2020, Nintendo fell victim to data breaches dubbed Gigaleak several times. Starting in April, large amounts of data stolen from the company began to be published on the 4chan forum. In May, attackers posted the source code and documentation Nintendo Wii in July – information regarding the consoles Super Nintendo Entertainment System and the Nintendo 64 and games, including Star Fox and Star Fox 2 prototypes, and in September – data unreleased GameCube consoles and Tako.