A ransomware group is now demanding a ransom payment from Nintendo amounting to a whopping $2 million as it claimed that it was able to extract its employees' sensitive information from its database.
Nintendo Faces Ransom Threat from Hacking Group
A cybersecurity account called Hackmanac posted on Bluesky, alerting the public to the attack, sharing the message from the threat group called "SHADOWBYT3$" who claims to have breached Nintendo's platform.
"The claimed dataset includes employee names, email addresses, surveys, analytics reports, bank statement PDFs, W-9 forms, and workplace feedback," said the post.
The group also claims that the breach did not come from Nintendo's own internal systems directly. Instead, the attackers targeted TinyPulse, a third-party survey service that Nintendo of America uses to conduct internal employee feedback surveys.
The stolen data is said to span a period from 2016 to 2026, covering roughly a decade of internal workplace communications.
Ransomware Group Demands $2M From Nintendo
SHADOWBYT3$ is demanding that Nintendo pay a $2 million ransom with a deadline of June 15 to avoid having the sensitive data leaked by the group. According to GameRant, Nintendo of America has already responded to the attack, claiming that it is already working with TinyPulse to address the breach.
While Nintendo acknowledged the situation by saying that it will start working together with TinyPulse, the company maintains that its systems were not compromised by SHADOWBYT3$. The company also added that no personal or financial data was accessed by the ransomware group.
Nintendo further clarified that the TinyPulse data in question was "limited in scope to survey content dating back several years." Given that Nintendo is well aware of the breach and has already gone on record about its limited impact, the company is not expected to comply with the ransom demand.
Nintendo has historically taken aggressive legal and protective measures when it comes to anything touching its brand or intellectual property.
Threats Nintendo Faced Recently
The TinyPulse breach is only the latest in a string of security-related incidents surrounding Nintendo over the past few years. The company was targeted in a separate hacking incident in October 2025, with a group called the "Crimson Collective" claiming to be behind it.
Before that, the gaming world watched the massive "Teraleak" of 2024 unfold, in which over a terabyte of data from Game Freak was released online. That leak included internal documents, source code, and franchise information tied to the "Pokémon" series.
A second Teraleak was revealed in 2025 with information concerning "Pokémon Winds and Waves." While some of the information was proven accurate, Nintendo has since shifted the release of the Gen 10 titles to an undisclosed date in 2027.
Nintendo is far from the only major gaming company facing these kinds of threats.
In April, the hacker group ShinyHunters released internal data from Rockstar Games, including financial information tied to "Grand Theft Auto V" microtransaction sales.
