Nintendo Confirms Data Breach via Partner Cyberattack
Photo: BleepingComputer
Quick answer
Nintendo confirmed a corporate data breach after a cyberattack on a WebMD subsidiary exposed internal employee survey data via the TinyPulse platform. No user or gaming service data was compromised.
Nintendo of America has officially acknowledged a corporate data breach resulting from a cyberattack on a third-party service provider. The incident impacted the TinyPulse platform, which is used for conducting internal employee surveys.
According to the investigation, threat actors gained access to the data through a vulnerability in the system of a WebMD subsidiary that provides HR analytics solutions. Nintendo emphasized that its own servers and gaming services remained uncompromised, with the breach limited to data collected via TinyPulse.
The company did not disclose specifics about the nature of the stolen information but confirmed that the incident did not affect user services or customer data protection. Cybersecurity experts note that attacks on third-party contractors are becoming an increasingly common vector for corporate data theft.
Common questions
- What data was stolen from Nintendo?
- Threat actors accessed information from internal employee surveys conducted through the TinyPulse platform. User data or gaming services were not affected.
- Were Nintendo’s systems compromised?
- No, the incident occurred through the third-party TinyPulse service used for HR analytics. Nintendo’s own systems were not breached.
- Who was targeted in the cyberattack linked to the breach?
- The attack targeted a WebMD subsidiary that provides corporate healthcare and HR analytics services.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml