Nintendo Employee Info Targeted in $2M Ransom Hack

June 17, 2026 0 comments

Daily Article Image

Nintendo Employee Data Breach: Third-Party Vendor Targeted in $2 Million Ransom Demand

This article details a cybersecurity incident involving Nintendo Co., Ltd., the Japanese multinational video game company headquartered in Kyoto, Japan. The breach targeted employee personal information through a compromised third-party vendor, TinyPulse, and resulted in a ransom demand of $2 million from the hacking group ShadowBytes. The incident raises concerns about supply-chain security and the protection of corporate employee data.

Key Facts

AttributeValue
Date of ReportOctober 2024 (Kotaku report)
Ransom Demand$2,000,000 USD
Alleged Hacker GroupShadowBytes
Compromised Third-Party VendorTinyPulse (employee engagement platform)
Type of Data ExposedEmployee personal information (names, email addresses, internal communications)
Affected EntityNintendo of America (employee data)
Nintendo’s Confirmed ResponseInvestigation launched; no ransom payment confirmed

What Happened in the Nintendo Hack?

The Nintendo hack involved the theft of employee personal information from a third-party vendor, TinyPulse, which Nintendo used for internal employee engagement surveys. The hacking group ShadowBytes allegedly exfiltrated the data and demanded a $2 million ransom to prevent its public release. Kotaku reported the incident on October 2024, citing sources familiar with the matter.

According to the Kotaku report, the breach did not affect Nintendo’s customer data or gaming services. The stolen data included employee names, email addresses, and internal communications from the TinyPulse platform. Nintendo confirmed the incident in a statement, saying it was “investigating the matter and has taken steps to secure its systems.”

“Nintendo is aware of reports of unauthorized access to a third-party vendor’s system. We are investigating the incident and have taken steps to protect our employees’ information.”

— Nintendo statement, as reported by Kotaku (October 2024)

ShadowBytes demanded a $2 million ransom for the stolen Nintendo employee data, according to the Kotaku report.

Who Was Behind the Attack?

The attack was allegedly carried out by the hacking group ShadowBytes, a relatively new threat actor known for targeting corporate networks and extorting companies through data theft. The group claimed responsibility on a dark web leak site, posting samples of the stolen data as proof. Kotaku’s sources confirmed the group’s involvement, though independent verification remains pending.

ShadowBytes has previously targeted other technology and gaming companies, but this is the first publicly known attack on Nintendo. The group’s modus operandi involves exploiting vulnerabilities in third-party software or services to gain initial access, then exfiltrating sensitive data before demanding a ransom.

The hacking group ShadowBytes claimed responsibility for the Nintendo data breach and posted sample data on a dark web leak site.

What Data Was Compromised?

The compromised data consisted of employee personal information stored on the TinyPulse platform, which Nintendo used for internal employee engagement surveys. The exposed data included employee names, email addresses, and internal communications. No customer data, financial information, or Nintendo game development assets were involved, according to the Kotaku report.

TinyPulse is a third-party vendor that provides employee feedback and survey tools. The breach highlights the risk of supply-chain attacks, where hackers target less-secure vendors to gain access to larger organizations’ data. Nintendo stated that the breach was limited to the TinyPulse system and did not affect its own internal networks.

The stolen data was limited to Nintendo employee names, email addresses, and internal communications from the TinyPulse platform, with no customer or financial data exposed.

What Was Nintendo’s Response?

Nintendo responded by launching an internal investigation and notifying affected employees. The company stated that it had “taken steps to secure its systems” and was cooperating with law enforcement. Nintendo did not confirm whether it had paid the ransom or intended to negotiate with ShadowBytes. The Kotaku report noted that Nintendo declined to comment on the ransom demand directly.

As of the report’s publication, no public leak of the stolen data had occurred, suggesting that either the ransom was paid or negotiations were ongoing. However, Nintendo’s standard policy is not to pay ransoms, and the company has not issued any update since the initial statement.

Nintendo launched an investigation and secured its systems but did not confirm whether the $2 million ransom was paid.

Who Is Affected?

The primary affected group is Nintendo of America employees whose data was stored on the TinyPulse platform. This includes current and former employees who participated in internal surveys. The breach does not affect Nintendo customers, partners, or users of Nintendo Switch or other gaming services. The incident serves as a reminder that employee data is a valuable target for ransomware groups, even when the core business operations remain untouched.

For Nintendo, the reputational risk lies in the potential exposure of internal communications and employee personal information. The company has not disclosed the exact number of affected employees, but the Kotaku report suggests the data set is substantial enough to warrant a $2 million ransom demand.

Only Nintendo of America employees whose data was stored on the TinyPulse platform are affected; no customer or gaming data was compromised.

Common Questions

Was customer data affected in the Nintendo hack?

No. The Kotaku report explicitly states that the breach was limited to employee personal information from the TinyPulse vendor. Nintendo’s customer data, including payment information and account details, was not compromised.

Is Nintendo paying the $2 million ransom?

Nintendo has not confirmed any ransom payment. The company’s standard policy is not to pay ransoms, and as of the report’s publication, no public leak of the stolen data had occurred, leaving the status of negotiations unclear.

What is TinyPulse and why was it targeted?

TinyPulse is a third-party employee engagement platform used by Nintendo for internal surveys. Hackers targeted it because it contained employee personal data and may have had weaker security than Nintendo’s own systems, making it a vulnerable entry point for a supply-chain attack.

Sources and Methodology

This article is based on a single primary source: the Kotaku report titled “Nintendo Employee Info Targeted in $2M Ransom Hack” published in October 2024 (URL: https://kotaku.com/nintendo-employee-info-data-hack-ransomware-leak-shadowbytes-tinypulse-2000707087). All facts, quotes, and figures are derived from that report. No additional sources were synthesized. Currency figures are in US dollars as reported. This article was last updated on October 2024.

Twitter Facebook
Link copied to clipboard!