Just hours after the US launch of Nintendo’s latest game console, the Wii U, a video game fan claims that he accidentally “hacked” into the console’s online component – the Miiverse.
A Wii U user called “Trike” posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins.
"At first it asked me to sign in, because my login information didn't match. Then I pressed a button and it sent me to a list of admins anyway. They had buttons in the same row as the names, and I could "regenerate password" or "Delete Admin" or something along those lines. I didn't do it it because I didn't want to risk getting my god damn Wii U banned on day 1."
"What should I do with this information? Is there anyway I can contact Nintendo about this directly without going through their customer service email crap? Should I let everyone know how to do it? Am I an idiot and this is already well known somehow? I can post pics, but they are going to have to be shitty cellphone pictures. Unless The Wii U has a built in snapshot thing."
“Trike” accompanied his forum post with a series of snapshots of his next generation console accessing the underbelly of the Miiverse, as proof of the apparent security breach.
“Trike” also claimed he could view private messages posted by others, and discovered subforums that appeared to be about upcoming (and, as yet, unannounced) games such as “Yoshi’s Island Wii U”.
Just how much damage a malicious hacker could have done by gaining access to administrator’s menus on the Nintendo Miiverse is unclear, but it’s certain that it shouldn’t be simple for a user to stumble across the network’s inner workings.
Fortunately, the security loophole appears to have now been fixed, and “Trike” pointed to a tweet from Nintendo’s USA wing announcing that they were conducting maintenance on the site.
Is the apparent security snafu damaging to Nintendo? Probably not. They appear to have resolved the issue quickly, and there is no suggestion that sensitive information was stolen from users, unlike last year’s Sony PlayStation network hack where hackers stole the personal data of millions of people.
Of course, that’s no reason for complacency. Nintendo and other companies need to treat security and privacy as a priority, or risk generating headlines that will be harmful to their brands and put their customers at risk.