- Shadowbyt3$ reports Nintendo of America breach, steals ~1GB of employee data from survey platform TinyPulse, demands $2M ransom
- Nintendo confirmed the third-party TinyPulse compromise, emphasizing that no financial or customer data was affected and that most of the information dates back years.
- Hackers later leaked alleged employee messages; Unverified authenticity, suggesting failed negotiations or pressure tactics.
Nintendo of America has confirmed that it suffered a third-party data breach incident, but downplayed its severity.
A “racketeering-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, which operates in the United States, Canada and some Latin American countries, and leaked sensitive data about its employees.
The criminals said they stole nearly 1 GB of internal data, which included personal data of the company’s employees, and gave Nintendo of America 48 hours to engage in negotiations before leaking the files and demanding a $2 million ransom.
What is TinyPulse?
The group claims to have captured people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach did not affect the company’s gaming department, but rather employees using TinyPulse.
TinyPulse is an employee feedback and engagement platform that companies use to measure how employees feel about their workplace. It is best known for sending short, frequent “pulse surveys” to gather honest feedback from staff.
In a statement given to beepcomputerNintendo of America confirmed the third-party data breach.
“We are aware of an issue related to TinyPulse, a third-party service used for internal surveys of Nintendo of America employees,” the company told the publication. “Nintendo systems have not been compromised and no personal customer or financial data has been accessed.”
“The data involved is limited to the content of internal surveys comprising a small subset of our employees, and most of the information goes back several years,” the company stressed, adding that it is now “working with the service provider to address the issue.”
Shadowbyt3$ then shared a link to a dataset that purportedly contained direct messages and conversations between employees. This means that the negotiations failed or that the criminals were simply trying to put more pressure on Nintendo. No analyst has yet confirmed the authenticity of the leaked information.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
