Hackers bombarded Nintendo for a month with 15.46 million bogus login attempts, out of which 23,926 struck the jackpot, exposing names, addresses, phone numbers and other personal details of corresponding Club Nintendo customers.
The blitzkrieg lasted from 9 June to 4 July, Nintendo said in a press release issued on Friday.
The breach was eventually discovered on 2 July – last Tuesday.
Company spokesman Yasuhiro Minagawa told Network World that the login attempts were limited to Japanese accounts.
Nintendo, which is based in Kyoto, has suspended accounts and passwords used in the brute-force attack and is urging members whose data may have been breached to change their passwords, according to The Japan Times News.