Rumours of a hack had spread in recent days as players reported suspicious logins and unauthorised purchases being made from their accounts.
Now the company has confirmed those accounts were hacked, in a post on its Japanese website.
It said that hackers had been able to access online logins that had been made available elsewhere on the internet. It gave no details of how the details were stolen or how widely they had been used.
Nintendo confirmed that some people had used the logins for illegal purchases on its stores. It asked that users investigate such incidents themselves, try and cancel the payments, and inform Nintendo – though it cautioned the company may not be able to reply straight away.
The hackers were able to steal Nintendo Network IDs – which are used as login usernames on the online service – and passwords, the company said. While those NNID accounts give access to some personal information including a person's data of birth and email address, many people also use the same login on their Nintendo account, which can be used in the Nintendo Store or its online eShop for games.
Nintendo also said that it had reset people's account passwords, and that they will have to register a new one. It asked people not to use the same password as on any other sites.
It also asked users to turn on two-factor authorisation, which ensures that people are unable to access accounts even if they do have the password.
Users affected by the hack will be contacted over email, Nintendo said.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/nintendo-switch-online-hack-password-network-id-reset-two-factor-a9481871.html