June 17, 2026, 2:33 pm | Read time: 3 minutes
Nintendo of America has been the target of a cyberattack. The attackers gained access to an external service to extract data. However, they made a significant error afterward.
There is already reassurance for users. According to current information, neither Nintendo accounts nor payment information or customer data have been compromised. This is a so-called third-party or supply-chain attack, where an external service provider, not Nintendo directly, was compromised.
Users Need Not Worry
In an official statement to the U.S. online magazine “Kotaku,” Nintendo stated:
“We are aware of an issue related to TinyPulse, a third-party service used at Nintendo of America for internal employee surveys. Nintendo’s systems were not compromised, and no access to personal customer or financial data was obtained.
The affected data is limited to contents of internal surveys concerning a small portion of our employees, with most information being several years old.
We value our employees’ willingness to share their perspectives, take all feedback seriously, and take appropriate action when necessary. We are working with the service provider to resolve the issue.”
Hackers Demand Two Million Dollars
According to Kotaku, the hacker group SHADOWBYT3$ posted the demand to Nintendo on their website as early as June 12, 2026. They reportedly gave the company 48 hours to respond. After Nintendo refused to pay, the hacker group directed their threats directly at TinyPulse.
On June 14, SHADOWBYT3$ released the following message: “Tinypulse, you have until June 16, 2026, to contact us via Telegram or email […]. Nintendo has decided not to pay, so we demand that Tinypulse pays–otherwise, all data will be released, including private messages from Nintendo employees.” It is unclear whether the service provider has responded to the demands.
Also of interest: Nintendo faces million-dollar fine over Joy-Con issue
The stolen data reportedly comes mainly from the HR and feedback areas. Affected data is said to include internal employee data, company email addresses, full names, survey results, analytics reports, account statements, and private employee conversations. Although Nintendo states that no customer or payment data is affected, much of the mentioned information still constitutes personal data of employees. The leaked data should therefore be handled sensitively.
Huge Data Scandal Surrounding Thermomix! What Users Need to Know
Copilot Reads Confidential Emails Despite Lock
Internal Debates Now Public
These private conversations are said to include discussions about the use of AI tools like Microsoft Copilot. “Not all employees are satisfied–we can assure you of that,” the hackers write. “Private messages will soon no longer be private if Tinypulse does not reach an agreement with us.”
In a post on X, the hackers published alleged excerpts from these messages. Among other things, it states: “I am a little worried about the intense promotion of the AI tool Copilot.” Another employee reportedly wrote: “I don’t think we are adequately considering the downsides of becoming too dependent on AI.”
Hackers Make Embarrassing Mistake
According to the report, the hackers published screenshots as evidence of the alleged data theft. However, a link to the stolen documents was inadvertently left visible, allowing third parties to access the data directly. The previously threatened release of the information had thus effectively already occurred.
The authenticity of the published data has not yet been fully independently verified. Nevertheless, the incident is likely to bring back unpleasant memories for Nintendo. The company has been affected by data leaks several times in recent years. Unlike previous cases, however, there are no indications this time of stolen source codes, development data, or information on future products.