Nintendo responds after alleged third-party data breach: Our ‘systems have not been compromised’

Nintendo of America acknowledged an issue involving TinyPulse, a third-party service used for internal employee surveys. The company stated its own systems were not compromised, clarifying that the breach affected only internal survey content from a small subset of employees. The data, including employee satisfaction surveys and private messages, was allegedly stolen by the hacking group ShadowByte$, which posted a threat on a cybercrime forum earlier this week. ShadowByte$ claimed to have accessed 859MB of data from TinyPulse, a WebMD Health Services subsidiary, and demanded a $2 million ransom. Nintendo downplayed the sensitivity of the leaked information, emphasizing that most data dated back several years and did not include personal customer or financial information. The company also noted that it had not received the ransom demand directly but confirmed the breach involved internal employee feedback. Nintendo reassured employees that their perspectives were valued and that the company takes feedback seriously. The company is working with TinyPulse to address the issue. TinyPulse, which collects employee feedback, was reportedly targeted after Nintendo failed to respond to the ransom demand. The breach highlights the growing threat of ransomware-as-a-service tools, which enable less skilled hackers to obtain sensitive data. Mashable reached out to WebMD Health Services for further comment but did not receive an immediate response. Nintendo’s statement emphasized that no customer or financial data was accessed, limiting the breach’s impact to internal survey content. The company continues to monitor the situation and collaborate with the affected third-party service.