In April, Nintendo confirmed a massive privacy breach that led to as many as 160,000 Nintendo Accounts being illegally accessed. Following an investigation, Nintendo has now admitted another 140,000 accounts were compromised, for a total of 300,000.

Nintendo Accounts were accessed by third parties using illegally obtained Nintendo Network ID (NNID) username and password. According to Nintendo, 300,000 people is less than one percent of all NNID users.

Private data including users’ nickname, email, date of birth, gender and country/region could was made available as a result the breach. Credit card data was not leaked, but illegal purchases were made using linked Paypal and bank accounts.

Nintendo contacted those affected and reset their NNID and Nintendo account passwords. Most customers have already seen unauthorised purchases refunded.