An as‑yet unverified claim from hacking group ShadowByt3$ alleges that 859MB of Nintendo employee data was taken on 13 June, with the group reportedly giving Nintendo until 15 June to respond.
The report, first noted by Technadu and relayed via Nintendo Everything and Nintendo Life, states the data allegedly includes employee names, bank statements, employee IDs, analytics and internal reports.
Background and context
Nintendo Co., Ltd. is the creator and publisher behind household franchises and hardware such as the Nintendo Switch and digital storefronts like the Nintendo eShop, and it frequently communicates product plans and announcements through platforms including Nintendo Direct.
Recent cybersecurity incidents affecting major game companies (for example, the so‑called "teraleak" that impacted The Pokémon Company in 2024) have increased industry scrutiny of third‑party platforms and vendor security.
How the breach is described
ShadowByt3$ claims the data was obtained through TINYpulse, an HR and employee engagement platform provided by WebMD Health Services.
TINYpulse is described by its provider as an employee engagement and feedback platform intended to improve workplace culture and performance.
Targeting a third‑party HR service is a known tactic among criminal groups because compromising a vendor can expose customer organizations indirectly.
Verified details and sourcing
- Date of alleged incident: 13 June (as claimed by the group).
- Size of data claimed: 859MB of employee‑related material (as reported).
- Reporting outlets: Technadu (original report) and aggregator sites Nintendo Everything and Nintendo Life relayed the claims.
- Vendor named: TINYpulse, part of WebMD Health Services' HR offerings (vendor description paraphrased from public material).
What Nintendo has said and next steps
As of publication, Nintendo has not issued a public confirmation addressing the claim.
Nintendo Life noted that outlets have reached out to Nintendo for comment and will update coverage if the company responds.
Given the sensitivity of payroll and personnel records, verification and official statements from Nintendo and WebMD Health Services will be necessary to confirm the scope and legitimacy of the claim.
Why this matters to the industry
Even if smaller in scale than prior high‑profile leaks, any compromise exposing employee banking or identification materials is significant for privacy and regulatory reasons.
Companies that publish on platforms such as the eShop or communicate via Nintendo Direct are increasingly expected to monitor vendor security practices and to disclose verified incidents promptly.
This article will be updated with official statements from Nintendo, WebMD Health Services, and additional verification as it becomes available.
The report, first noted by Technadu and relayed via Nintendo Everything and Nintendo Life, states the data allegedly includes employee names, bank statements, employee IDs, analytics and internal reports.
Background and context
Nintendo Co., Ltd. is the creator and publisher behind household franchises and hardware such as the Nintendo Switch and digital storefronts like the Nintendo eShop, and it frequently communicates product plans and announcements through platforms including Nintendo Direct.
Recent cybersecurity incidents affecting major game companies (for example, the so‑called "teraleak" that impacted The Pokémon Company in 2024) have increased industry scrutiny of third‑party platforms and vendor security.
How the breach is described
ShadowByt3$ claims the data was obtained through TINYpulse, an HR and employee engagement platform provided by WebMD Health Services.
TINYpulse is described by its provider as an employee engagement and feedback platform intended to improve workplace culture and performance.
Targeting a third‑party HR service is a known tactic among criminal groups because compromising a vendor can expose customer organizations indirectly.
Verified details and sourcing
- Date of alleged incident: 13 June (as claimed by the group).
- Size of data claimed: 859MB of employee‑related material (as reported).
- Reporting outlets: Technadu (original report) and aggregator sites Nintendo Everything and Nintendo Life relayed the claims.
- Vendor named: TINYpulse, part of WebMD Health Services' HR offerings (vendor description paraphrased from public material).
What Nintendo has said and next steps
As of publication, Nintendo has not issued a public confirmation addressing the claim.
Nintendo Life noted that outlets have reached out to Nintendo for comment and will update coverage if the company responds.
Given the sensitivity of payroll and personnel records, verification and official statements from Nintendo and WebMD Health Services will be necessary to confirm the scope and legitimacy of the claim.
Why this matters to the industry
Even if smaller in scale than prior high‑profile leaks, any compromise exposing employee banking or identification materials is significant for privacy and regulatory reasons.
Companies that publish on platforms such as the eShop or communicate via Nintendo Direct are increasingly expected to monitor vendor security practices and to disclose verified incidents promptly.
This article will be updated with official statements from Nintendo, WebMD Health Services, and additional verification as it becomes available.