After some rumors that certain Nintendo user accounts had been the victims of fraudulent sales and theft of these, the official Twitter account of Nintendo UK h as confirmed that these rumors are true.
However, credit card details are stored in another way, so the hackers they couldn't get them, but if they were able to make purchases with stolen accounts, in the event that users had registered a default payment method. A statement from Nintendo UK says that there is currently no evidence that this data had been accessed through Nintendo's servers, so the logins to access those accounts were obtained from elsewhere, a virtual attack known as credential padding. Nintendo has taken steps like disable login via Nintendo Network ID.