A group called SHADOWBYT3$ says it stole 859 MB of employee data through the HR platform TINYpulse and wants $2 million. Nintendo confirmed a limited breach — just not the version the hackers are selling.

Nintendo has been hacked again. The good news, if you own a Switch, is that this one probably isn’t about you.

A group going by SHADOWBYT3$ surfaced on June 13 claiming it stole 859 MB of internal Nintendo data and slapping a $2 million ransom on it. The twist is where the data came from: not Nintendo’s servers, but a third-party HR tool called TINYpulse.

What SHADOWBYT3$ claims it stole

The group says the haul is employee data going back nearly a decade, from 2016 to 2026.

Per cybersecurity outlets covering the claim, that allegedly includes full employee names, corporate emails, employee IDs, workplace survey responses, engagement rankings, and — the ugly part — bank statements and W-9 tax forms.

SHADOWBYT3$ gave Nintendo a 48-hour deadline. When Nintendo didn’t bite, the group redirected the shakedown at TINYpulse itself and pushed the clock back a day. That’s an “extortion-as-a-service” play: steal the data, threaten to dump it, and bill whoever blinks first.

What Nintendo actually confirmed

Here’s where the hacker’s pitch and reality split.

Researchers who poked at the leaked sample found signs it’s at least partly real — they matched names to people still working at Nintendo, and some files carried metadata stamps from January 28, 2026. So this isn’t pure bluster.

But Nintendo of America confirmed only a limited breach tied to TINYpulse. The company says its own systems were never compromised, and no customer data or payment information was touched. The exposure was internal survey content from a small slice of employees, most of it years old.

In other words: real, but narrower than a $2 million headline wants it to be.

This is a supply-chain hack, not a source-code heist

What makes this one interesting isn’t the size. It’s the door they came through.

Nobody cracked Nintendo’s vault. They hit a vendor — an employee-feedback SaaS app most people have never heard of — and walked out with HR paperwork. That’s the modern shape of these attacks. You don’t break into the castle; you break into the company that does the castle’s payroll surveys.

Which is a long way from how Nintendo used to get burned.

Nintendo has been a hacker target for years

Because if there’s one company that knows the hits keep coming, it’s this one.

In 2020, Nintendo revealed that 300,000 accounts had been compromised — it started at 160,000 before the number ballooned. Hackers used old Nintendo Network IDs to get into accounts, see birthdays and emails, and in some cases reach linked PayPal and card info to make fraudulent purchases. Nintendo killed NNID logins and pushed everyone toward two-factor. That one was about customers.

That same year came the Gigaleak, a flood of Nintendo source code, prototypes, and internal dev tools dumped onto 4chan — SNES and N64 guts laid bare, a goldmine for emulation and a nightmare for Nintendo’s legal team. The leaks traced back to a hacker who’d also breached Microsoft.

Then in October 2024, the big one: the Teraleak. Pokémon developer Game Freak got hit for what some estimated near a terabyte of data. Game Freak confirmed the names and contact details of 2,606 employees and contractors were exposed, alongside source code, unreleased Pokémon projects like Winds and Waves, Pokémon Legends: Z-A details, and even Switch 2 codenames. Nintendo went so far as to subpoena Discord to unmask the leaker.

The target keeps moving outward

Line them up and you can watch the soft spot drift.

2020 was the customers. The Gigaleak was the source-code vault. The Teraleak was the crown-jewel studio. This week, it’s an HR survey app a vendor runs on Nintendo’s behalf.

Nintendo can wall off its own servers, and clearly has — its systems held this time. But you can’t patch every company you’ve ever signed a contract with. The most secretive, litigious giant in gaming just got reminded that these days, the weak link usually isn’t you. It’s whoever you outsourced to.

Article compiled and edited by Derek Gibbs (entertainment editor) and the Clownfish TV newsroom.

D/REZZED is part of Clownfish TV. For more news, views, and rants on gaming, tech, and pop culture, visit clownfishtv.com. Watch the show on YouTube at @ClownfishTV where new episodes drop daily. Subscribe to the Clownfish TV podcast on Apple Podcasts, Spotify, iHeart, and wherever else you get your podcasts. Sign up for the free newsletter at more.clownfishtv.com.

Hat Tips:

• Nintendo Life and Nintendo Everything (June 15, 2026), verified for Nintendo of America’s official statement confirming a limited TINYpulse breach, that its own systems and customer data were not compromised, and that the data was internal survey content from a small subset of employees

• Cybernews (June 14, 2026), verified for the $2 million ransom demand, the 2016–2026 data span, and researchers matching leaked names to current Nintendo employees plus the January 28, 2026 metadata stamps

• Otakukart and Technadu (June 2026), verified for the SHADOWBYT3$ June 13 claim, the 859 MB figure, the TINYpulse attack vector, the deadline shift to the vendor, and the extortion-as-a-service framing

• CNN and CBS News (June 9, 2020), verified for the 300,000 compromised Nintendo Network ID accounts, the data exposed, and the fraudulent-purchase response

• Wikipedia and Hackread (2020–2026), verified for the Gigaleak source-code leak details and the 2024 Game Freak Teraleak, including Game Freak’s confirmation of 2,606 affected employees and contractors