A MASSIVE security breach has been identified in several older Nintendo games including Mario Kart and Animal Crossing that could allow for a “full takeover” by a hacker.
News of the breach comes as Nintendo has moved to update these games – some of which hadn’t seen an update in over 10 years.
The “ENLBufferPwn” breach was recently identified in a GitHub report, which rated it a 9.8 out of 10 (Critical) on the Common Vulnerability Scoring System scale.
The vulnerability uses a “buffer overflow” which allows an attacker to execute code remotely into a console simply by having a victim online.
After hacking into the users game, attackers then could have access to saved payment information and user data.
Additionally, hackers could take audio and video recordings using built-in microphones and cameras on consoles such as the 3DS and Wii U Gamepads.
Any takeover of the system by a third party might even be undetectable by the victim.
The breach was reportedly first discovered by multiple users in 2021.
Within the last two years, several people independently reported the issue to Nintendo.
Since then, the company has worked to fix the breach in many of the games.
So far, all the Nintendo Switch and 3DS games identified have received updates for the vulnerability, according to the report.
Here is a list of all the games identified in the initial breach:
- Mario Kart 7
- Mario Kart 8
- Mario Kart 8 Deluxe
- Animal Crossing: New Horizons
- Splatoon 2
- Splatoon 3
- Super Mario Maker 2
- Nintendo Switch Sports
Mario Kart 8 and Splatoon appear to be the only games listed that still need to be fixed, according to the report.
Github warns that there are likely more games affected by the breach.
Nintedo drew lots of attention in recent weeks as it rolled out updates for the old games.
However, in at least one of the updates, the gaming company did not mention the massive breach.
In the Ver 1.2 update for Mario Kart 7 – which Github says was the update that fixed the issue – Nintendo simply said the company was updating the game for “gameplay experience.”
“Several issues have been address to improve the gameplay experience,” the company said in the December 13 update.
The same language was used with the Animal Crossing: New Horizons update in November.
Nintendo did not immediately respond to The US Sun’s request for comment.
If you are worried about any of your personal or account information being exposed when playing any Nintendo game, make sure you are using the most updated version.
Also, check out the list above to see if the game you want to play has been affected and fixed.