- Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom
- Nintendo confirmed third‑party TinyPulse compromise, stressing no customer or financial data affected and most info dated years back
- Hackers later leaked alleged employee messages; authenticity unverified, suggesting failed negotiations or pressure tactics
Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity.
An “extortion-as-a-service” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees.
The crooks said they stole almost 1GB of internal data, which included personal details belonging to the company’s employees, and gave Nintendo of America 48 hours to engage in negotiations before leaking the files and demanded $2 million in ransom.
What is TinyPulse?
The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach didn’t affect the company’s gaming department, but rather employees who used TinyPulse.
TinyPulse is an employee engagement and feedback platform companies use to measure how employees feel about their workplace. It is best known for sending short, frequent “pulse surveys” to collect honest feedback from staff.
In a statement given to BleepingComputer, Nintendo of America confirmed the third-party data breach.
“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been…
