Hackers demand $2M from Nintendo over alleged data breach

Published: 15 June 2026
Last updated: 27 minutes ago
Nintendo data

A threat actor is demanding $2 million from Nintendo after allegedly stealing a decade's worth of corporate data.

Key takeaways:
  • A threat actor calling itself ShadowByte$ claims to have stolen approximately 859MB of Nintendo corporate data and is demanding a $2 million ransom to prevent the information from being released.
  • The leaked samples allegedly contain sensitive internal records, including employee names, corporate email addresses, HR surveys, workplace feedback, organizational performance metrics, internal reports, and planning documentation.
  • Researchers who reviewed the samples found evidence suggesting at least part of the data may be authentic, including employee engagement surveys dating back to 2016 and references to individuals who still appear to work at Nintendo.
  • it remains unclear whether Nintendo itself was breached or whether attackers gained access through a third-party HR platform, with attacker referencing employee engagement software TinyPulse.

A threat actor is claiming to have breached the Japanese gaming giant Nintendo, alleging the theft of internal corporate data and demanding a $2 million ransom to prevent its release.

ADVERTISEMENT

The claims surfaced on a well-known cybercrime forum. In the post, the actor stated that they possess approximately 859MB of data allegedly linked to Nintendo.

While the authenticity and full scope of the incident remain unverified, samples reviewed by our researchers suggest the leaked material may contain internal employee information.

What data was allegedly stolen?

The data samples released with the post show a range of internal corporate records, including:

  • Employee names and corporate email addresses
  • Internal analytics and reporting data
  • Employee surveys and engagement feedback
  • Exported reports
  • Organizational performance metrics
  • Internal planning documentation and program record

A decade of corporate data?

Cybernews researchers have reviewed the samples published by the threat actor and found what appears to be human resources-related information, including employee questionnaires, workplace feedback submissions, and internal pulse survey data.

"The sample contains HR data, such as pulse surveys and questionnaires about how employees are feeling at work," the researchers said.

ADVERTISEMENT

The documents appear to include employee sentiment and workplace feedback collected through internal engagement programs.

The threat actor claims the records span from 2016 through 2026. Our researchers confirmed that some date back to 2016.

Metadata associated with the exported files appears to have been created on January 28th, 2026.

nintendo 1
Screenshot by Cybernews

If accurate, this suggests the dataset may contain up to a decade of historical reporting and employee feedback information.

Our researchers were also able to identify individuals referenced in some of the survey data who still appear to be employed by Nintendo, lending credibility to at least portions of the sample.

"Some people from those pulse surveys are still at Nintendo and were identifiable, so the leak could be legitimate," one researcher noted.

According to the team, the sample alone is insufficient to determine whether attackers compromised Nintendo directly or breached a third-party HR platform.

The actor references TinyPulse, an employee engagement platform used by organizations to collect anonymous workforce feedback and measure employee satisfaction.

Cybernews has reached out to the company for comment, and we’ll update this article once we receive a response.

ADVERTISEMENT
nintendo 2
Screenshot by Cybernews

Extortion groups are increasingly targeting corporate data

If proven to be legitimate, the incident reflects a broader trend among cybercriminal gangs. The gangs are increasingly choosing to steal sensitive internal data for extortion, rather than encrypting systems.

These groups threaten to publish confidential information ranging from source code and financial records to employee data.

Even when datasets do not contain customer information, internal corporate records can still provide significant value to attackers.

They can exploit the data to craft convincing phishing attacks, not to mention reputational impact for the affected company. Such internal data can also reveal how the company operates, providing valuable insights to competitors.

The gang behind the Nintendo breach claims to be going under the name ShadowByte$. They started operating around February 2026.

The gang previously claimed to have snatched data from Starbucks AWS cloud storage and demanded $500,000 from the company.

However, our researchers did not find indicators in the data samples linking the data to Starbucks.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked