24,000 Nintendo Site Accounts Compromised

hypnosec writes "Nintendo has revealed that it has detected illicit logins in nearly 24,000 accounts on one of the main fan sites in Japan 'Club Nintendo' and account details such as real names, addresses, emails and phone numbers may have been accessed. According to Nintendo the mass login attempts have been made using a list of login credentials containing usernames and password obtained from some service other than Nintendo. The company revealed that it detected over 15 million login attempts out of which 23,926 were successful."

Just guessing?

[jandrese]

24,000 successful logins from 15 million attempts sounds like a brute force attack. I wouldn't be surprised at all if all of those compromised accounts had horrible easy to guess passwords.

Re:Just guessing?

[ciderbrew]

I have lots of easy to guess passwords if they allow 15 million attempts on an account.

Re:Just guessing?

[Mashdar]

GP meant that they tried several easy passwords on many more than 24,000 accounts. 24,000 / 15,000,000 = .16% success rate... This might be the fraction of accounts using 12345 as a password.