Nintendo has confirmed that hackers breached 300,000 accounts since April.
Hackers had access to personal information including users' birthdays and email addresses, but did not have access to credit card information.
Nintendo reported unauthorised logins on 24 April, where it was thought that approximately 160,000 accounts had been accessed by malicious actors, the company wrote in a Japanese language blog post.
The company now understands that the breach was nearly twice as large, with passwords “obtained illegally by some means other than our service”.
It is resetting user passwords for affected account as well as disabling the option to log into a Nintendo account through a Nintendo Network ID (NNID).
Older accounts could be used to log into 3DS and Wii U consoles, while the Switch uses a new system which can be linked to older accounts.
However, that linking process has been ended in order to stop further purchases being made.
Individuals with unauthorised access to Nintendo accounts could have made purchases through the Nintendo eShop either using virtual coins or via a linked PayPal account.
Some users have seen their accounts used to buy Fortnite VBucks (an in-game currency) which can be worth up to £100, Eurogamer reported.
Nintendo recommends that all users enable two-factor authentication. This is when users are required use another device, such as their mobile phone, in order to log into accounts.
It also suggests not using a password that you have previously used, or one that is used to log into other accounts.
The company said users should investigate incidents and take necessary action, such as cancelling payments and contacting Nintendo about fraudulent purchases.
“We sincerely apologise for any inconvenience caused and concern to our customers and related parties,” Nintendo said. “In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur.”
