Nintendo is facing a potential incident after a threat actor claimed to have stolen nearly a decade’s worth of internal corporate data and demanded a $2 million ransom to prevent the information from being released publicly.
While the gaming giant has not confirmed the alleged breach, Cybernews researchers reviewing samples of the leaked data say portions of the material appear credible.
“The sample contains HR data, such as pulse surveys and questionnaires about how employees are feeling at work,” researchers noted after examining files published by the threat actor.
The threat actor, operating under the name ShadowByte$, posted the allegations on a cybercrime forum, claiming to possess approximately 859MB of internal Nintendo data and demanding a $2 million ransom to prevent its release.
According to researchers who reviewed samples published by the actor, the dataset may contain employee names, corporate email addresses, workforce engagement surveys, internal analytics, organizational performance metrics, exported reports, and planning documentation.
While the full scope and authenticity of the alleged breach remain unverified, researchers identified several indicators suggesting that at least portions of the data may be legitimate.
The samples reportedly include employee engagement surveys and workplace feedback records dating back to 2016, supporting the threat actor’s claim that the stolen information spans a ten-year period through 2026.
Researchers also identified references to individuals who appear to still be employed by Nintendo, lending additional credibility to parts of the leaked dataset.
Furthermore, metadata for some exported files reportedly showed creation dates of Jan. 28, 2026, suggesting that at least some records may have been accessed or exported more recently.
Despite these findings, questions remain about how the data was obtained.
Researchers said the available samples do not provide enough evidence to determine whether Nintendo was directly compromised or whether attackers gained access through a third-party service provider that handled employee-related information.
Adding to the uncertainty, ShadowByte$ referenced TinyPulse, an employee engagement platform used by organizations to collect anonymous workforce feedback and measure employee satisfaction.
If accurate, the incident could highlight the ongoing risks associated with third-party vendors that store sensitive corporate data. As organizations increasingly rely on cloud-based business platforms, a compromise involving a trusted provider can expose information across multiple customers.
Nintendo has not publicly confirmed the threat actor’s claims at the time of publication.
Although Nintendo has not confirmed the alleged breach, security teams can use the incident as a reminder to review controls surrounding employee and HR-related platforms.
Together, these measures can help organizations reduce their exposure to third-party risks while building resilience against future incidents.
Editor’s note: This article originally appeared on our sister publication, eSecurityPlanet.
Image credit - istockSaudi has launched Package Visa, a new digital initiative that integrates tourist…
The second-generation Range Rover Velar is reportedly coming in the next six months. There will…
Machine learning is giving scientists a powerful new way to search for superconductors, materials that…
Cadillac recalls over 13,000 Vistiq SUVs for faulty third-row seats. The seats may trap small…
Running a facility deep beneath Earth's surface requires constant control of two essential elements: air…
Volkswagen Design intern Fabian Reitz created the VW ID.DIN T14. Volkswagen made a scale…