Nintendo confirms data stolen in WebMD subsidiary cyberattack

Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised.

The company’s statement comes after claims from the Shadowbyt3$ “extortion-as-a-service” threat group that they exfiltrated sensitive data related to Nintendo of America employees.

“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” stated Nintendo.

“Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed. Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed."

"The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company told BleepingComputer.