Hackers Claim Nintendo Employee Data Stolen, Demand $2M

A hacking group using the name ShadowByt3$ claims it accessed roughly 859MB of Nintendo employee data on June 13 and set a June 15 deadline for a $2 million ransom demand. The group says the data were taken from TinyPulse, an employee survey tool operated by WebMD Health Services and used by Nintendo of America.

ShadowByt3$ asserts the files include full names, bank statements, employee IDs and reports, analytics and other internal records collected through the survey service. The group has not published the files for independent review.

In a statement, Nintendo of America wrote that it is aware of an issue involving TinyPulse and that Nintendo’s own systems were not compromised. The statement described the exposed material as “limited to internal survey content comprising a small subset of our employees,” added that “most of the information dates back several years,” and said “no personal customer or financial data has been accessed.” The company wrote that it is working with the service provider to address the issue.

Nintendo has said it is coordinating with the third-party provider to investigate the incident. There is no public confirmation from independent forensic firms about the scope or authenticity of the files ShadowByt3$ says it holds.

Security experts note attackers often target third-party service providers because vendors can hold internal data for larger organizations. ShadowByt3$ has not posted the data for verification, and Nintendo’s statement did not indicate whether the company met the group’s June 15 deadline.