Security Boulevard reported that a massive data leak is hitting Nintendo as source code, demos, videos and other content for Wii, N64 and GameCube become available online, following the publishing of a steady stream of information on 4Chan in the past few weeks.
The first information about a possible Nintendo data leak appeared on Dexerto, with reports of canceled games named “Pokemon Pink.” The source code was published on 4Chan, and it seemed to be the entire extent of the breach.
This has been a rough few month for Nintendo. On the 24th of April they acknowledged a breach of up to 160,000 of their Nintendo Network IDs, this has lead to them removing some functionality related to authentication. While they may not be linked, it is not inconceivable to consider that these are related.
This may be as simple as some of the compromised accounts belonged to Nintendo staff, and the same credentials were used on collaboration platforms such as Github, bitbucket, confluence etc.
It is possible a key used to obfuscate/encrypt the controls has been reverse engineered. If the same method to secure the devices controls was used for the N64, GameCube and Wii, this would mean an attacker would be able to work on breaking the N64 and apply the same principles to the Wii. The extent of this is unknown and we can really only speculate until we have further detail.
Fortunately, it appears as though little information directly to users has been exposed. The potentially proprietary information that has been exposed may make it easier for an attacker to design something malicious for future use. The extent of the implications of this leak cannot really be measured now, but its potential is quite large. The saving grace is that the Nintendo’s current blockbuster console, the Nintendo Switch, did not appear to have any data leaked.