Hacks Are Always Worse Than Reported: Nintendo's Breached Accounts Magically Double

from the whoopsie dept

One of these days, we writers at Techdirt will put our collective and enormous heads together, and come up with an actual proposed mathematical formula that should be applied whenever a company first announces a security or account breach, so that the public can calculate what that breach count will eventually end up being. The reason the world needs such a formula is that you can pretty much set your watch by it: when a company announces such a breach, in the following weeks or months it will grow significantly. This happened with Equifax, with TJX, and even with our own vaunted federal government. But if we ever really did want to try to put some kind of formula together for measuring the underplaying of a breach on initial response, the historical breach that would probably break such an algorithm would have to be Yahoo’s email breach, which, in 2013, was the breach of a few hundred thousand email accounts, but in 2017 magically became all of the accounts. As in, literally all of them.

This severity progression is so routine that it should have a name for easy reference. I propose Geigner’s Effect. I heard somewhere that if you write for this site long enough you get an effect named after you.

The most recent example of, ahem, Geigner’s Effect (actually first proposed on this site by Mike Masnick, but he already has an Effect) is Nintendo, which near the start of the year announced that roughly 160k of its Nintendo Accounts had potentially been breached. In an update this week, Nintendo revised that number to nearly double the original amount.

Today, Nintendo announced another 140,000 or so more accounts may have been accessed. That means a total of around 300,000 accounts may have been breached. Nintendo pointed out in an update today that that’s less than one percent of all Nintendo Network ID users.

While that’s true, it’s also 200% of the amount that Nintendo originally said had been breached. And who knows what that number is going to be in another couple of weeks or months? It could stay the same, or it could be more Yahoo-esque and balloon significantly. Remember again, Yahoo revised its breach numbers on a nearly annual basis until it finally settled on “all the accounts.” The public has no reason to trust companies on these numbers and every reason to dismiss the casual trotting out of seemingly comforting math by some PR goon.

So, we reiterate: when you see a report of a breach, know that it’s always more severe than first reported. Until we have our formula ready for prime time, that’s the best you can do.

Companies: nintendo


Comments on “Hacks Are Always Worse Than Reported: Nintendo's Breached Accounts Magically Double”

27 Comments
Anonymous Coward says:

"But if we ever really did want to try to put some kind of formula together for measuring the underplaying of a breach on initial response, the historical breach that would probably break such an algorithm would have to be Yahoo’s email breach, which, in 2013, was the breach of a few hundred thousand email accounts, but in 2017 magically became all of the accounts. As in, literally all of them."

Please, I’m sure it’s possible to reach more than 100%!

Anonymous Coward says:

when you see a report of a breach (of a service you’re signed up with), know that your data has been released.

FTFY

But any more, does it really matter unless it’s a medical or credit service? All of virtually everyone’s data has already been breached multiple times. That horse has left the barn.

100% of Nintendo’s accounts could have been breached and the net effect, because Nintendo doesn’t have much in the way of sensitive information, will be zero. Apart from some class action suit that makes a few lawyers rich and does nothing for the victims, that is.

Aaron Walkhouse (profile) says:

Geigner's Effect?

<Smack!>

Silly boy! You don’t get to define an effect and then slap your own name on it!
If an effect comes apparent and we remember you, that’s when we coin a mnemonic.
Then, and only then, "The Geigner Effect" comes into use, and you won’t own it.

</Smack!>

[ Besides, we’re still waiting to see if you get dragged away by the Secret Police,
because that effect would be much more precisely measurable as well as memorable! ; ]

Anonymous Coward says:

Re: Geigner's Effect?

I think "Yahoo Effect" is actually more apt. If it’s to be named after the person who identified it then "Geigner’s Law" would be better than "Geigner Effect". Or just assign it a new Internet Rule number, e.g. Rule 1572: A hacked database will always be hacked completely regardless of what the database owner says happened.

Scary Devil Monastery (profile) says:

Re: Geigner's Effect?

Well, ok. I’ll nominate "The security breach is always far worse than reported" as Geigner’s corollary to Murphy’s law.

"Besides, we’re still waiting to see if you get dragged away by the Secret Police…"

Eh, no, that’s Hoover’s law. Or possibly, to keep up with modern times, Cheney’s. Or was that one "There’s no crime waterboarding can’t produce confessions to"?

This comment has been flagged by the community.

Anonymous Coward says:

Re: Re: Geigner's Effect?

Anti-crime legislation mobilizes racist fears in the white population.
It has been successful enough to undo many gains of the previous two
decades: to initiate preventive detention, undermine the jury system and put
into effect new mandatory death penalties. Two models are the special
police crackdown unit used in Detroit, called STRESS, which was
responsible for the murder of many Black people. Yes, that was 60 years ago, but THAT DOESN’T MATTER!

Not Any More!

https://www.capitolhillseattle.com/2020/06/welcome-to-free-capitol-hill-capitol-hill-autonomous-zone-forms-around-emptied-east-precinct/

PaulT (profile) says:

I don’t know why anyone would be surprised by this. Most corporations wouldn’t report a breach at all if they weren’t facing liability by not doing so. Since they do, the impetus is then to downplay the incident to avoid losing users, so they’ll give a low ball estimate before the incident is investigated. They will then release the actual numbers after an investigation is completed, possibly delaying it as much as possible so that their users have forgotten about the breach by the time the full extent is known.

The only defense you have as a user is to assume that you have been compromised and take all actions necessary as if you have been affected. Even if you haven’t, that’s the best time to ensure you have all protections in place. If you’re waiting for a press release from an actor that’s incentivised to downplay what’s happened, you’re asking for trouble.

This comment has been flagged by the community.

Anonymous Coward says:

Re: Trouble at Capital Hill Free Zone!

Trouble!

The real energy crisis is the crisis of imperialism. It is seen in a fight
over raw materials and resources, It reflects the crisis in empire: declining
Western control over the economies of the Third World, increased
competition between capitalist countries, and growing stagnation arising
from contradictions within monopoly capitalism itself. The system is in
TROUBLE!.

Big Trouble!

https://www.reddit.com/r/MapPorn/comments/gzrxba/the_capital_hill_free_zone_currently_in_place_in/

NOW WE ARE IN CHARGE!

(Will Grab deliver in this area? I’m hungry)

This comment has been flagged by the community.

Anonymous Coward says:

Free Capital Hill Autonomous Zone Statement about Capitalism

Few people really believe anymore in
the great civilizing leadership role of the US. Few still think that capitalism is
the best of all possible ways to meet the economic needs of the world’s
peoples, or that Black and Third World people are sub-human labor material
destined to support the more worthwhile activities of white supermen. Few
really believe that men will go on indefinitely monopolizing power in a
supremacist anti-women society. Stated simply, our strategy is to base
ourselves on the trends of change, to revolutionize and push them on, and to
intervene in everything.

https://www.capitolhillseattle.com/2020/06/welcome-to-free-capitol-hill-capitol-hill-autonomous-zone-forms-around-emptied-east-precinct/

Anonymous Coward says:

Re: Free Capital Hill Autonomous Zone Statement about Capitalism

Not from Seattle and I support the BLM movement, but I have a Bachelor’s degree in history and political science and I’m a gambling sorta guy. Anybody wanna take bets on how long this autonomous zone will last? Definitely shorter than Free Derry in Ireland, but how short?

Do these people have enough resources to sustain themselves? If not, do they have a supply line? Is there established leadership, or is it more like a commune? Do they have an ultimate goal or is this closer to "Occupy Wall street?" First aid is good, but do they have access to medicine and healthcare? Are they actually fighting the police, or are they intimidating them with their numbers? Are there any suspect groups you’re gaining support from? (i.e. Nazis, ISIS, etc.)

And on the police side: Do you have support from the surrounding community? Are you planning a long siege, or a quick, hard push? Do the protesters have demands and are you able to meet those demands? Will the protesters actually leave after those demands are met? Are you in negotiations with the leadership, if there is any?

My initial guess, at BEST the protesters have one week for the cracks to show, 2 weeks they will have lost most of the area aside from one building. But that’s if they don’t have their shit together. Any other guesses?

Scary Devil Monastery (profile) says:

Re: Re: Free Capital Hill Autonomous Zone Statement about Capita

"Are there any suspect groups you’re gaining support from? (i.e. Nazis, ISIS, etc.)"

…or, lamentably it has to be asked if there’s a chance the poster is just another Identity Evropa supremacist putting on a blackface act and putting up radical calls for insurgency in the name of Black Lives Matter?

After the recent spate of gaslighting the neo-nazi shitheaps have pulled there’s an extra need to sanity-check anything which sounds inflammatory, lest it turn out to be Baghdad Bob just having been replaced by a slightly more skilled supremacy agitator.

Anonymous Coward says:

The only way to be sure following a hack is for everyone to assume their account was among those compromised and act accordingly. As such, the safest assumption should always be "all the accounts."

Excuses like "less than one percent" are just useless fluff meant to make people feel good rather than helping re-secure their accounts.

bhull242 (profile) says:

Eponymous laws

I propose Geigner’s Effect. I heard somewhere that if you write for this site long enough you get an effect named after you.
The most recent example of, ahem, Geigner’s Effect (actually first proposed on this site by Mike Masnick, but he already has an Effect)

I’m sorry, but what’s the Masnick Effect? Or are you talking about the Streisand Effect? If so, then it shouldn’t be Geigner’s Effect but something more like the Yahoo Effect or something.

