- Shadowbyt3$ Claims Nintendo of America Breach, Steals ~1GB of Employee Data from TinyPulse Research Platform, Demands $2M Ransom
- Nintendo confirmed the third-party TinyPulse compromise, stressing that no customer or financial data was affected and most of the information dated back years
- Hackers later leaked alleged employee messages; authenticity unverified, suggesting failed negotiations or pressure tactics
Nintendo of America has confirmed that it has suffered a third-party data breach, but downplayed the seriousness.
A “blackmail-as-a-service” hacker group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant that operates in the US, Canada and some Latin American countries, and extracted sensitive data about its employees.
The fraudsters said they stole nearly 1GB of internal data, which included personal information of company employees, and gave Nintendo of America 48 hours to enter negotiations before leaking the files and demanding $2 million in ransom.
What is TinyPulse?
The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements and W-9 forms containing employee IDs, progress plans and reports between 2016 and 2026. They later added that the breach did not affect the company’s gaming division, but rather employees who used TinyPulse.
TinyPulse is an employee engagement and feedback platform that companies use to measure how employees feel about their workplace. It is best known for sending short, frequent “pulse surveys” to gather honest feedback from staff.
In a statement given to Bleeping ComputerNintendo of America confirmed the third-party data breach.
“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been compromised and no personal customer or financial data has been accessed.”
“The data involved is limited to internal investigative content involving a small subset of our employees, and most of the information goes back several years,” the company stressed, adding that it is now “working with the service provider to resolve the issue.”
Shadowbyt3$ later shared a link to a dataset that allegedly contained direct messages and conversations between employees. This either means that the negotiations broke down, or that the bad guys were simply trying to put more pressure on Nintendo. No analysts have yet confirmed the authenticity of the leaked information.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
