Nintendo allegedly breached by by Crimson Collective hacking group
Learn More
The Japanese gaming giant Nintendo has been reportedly breached by the hacking group Crimson Collective, who claim to have exfiltrated over 570 GB of sensitive internal data from the company.
The alleged breach, is not confirmed by Nintendo. The company has not issued any official statement or acknowledgment of the incident.
Crimson Collective shared screenshots purportedly showing a directory tree of Nintendo's internal file structure as proof of the breach. This claim comes only weeks after the same group successfully compromised Red Hat's consulting GitLab instance in early October 2025, stealing 570 GB of data from over 28,000 repositories and affecting approximately 800 organizations worldwide. Prior to the Red Hat attack, Crimson Collective claimed responsibility for defacing Nintendo's website in September 2025 and breaching Claro Colombia, a telecommunications operator, where they allegedly stole tens of millions of customer invoices and financial files.
According to the claims made by Crimson Collective and analysis by cybersecurity trackers, the alleged stolen data includes:
- Game development assets and production materials
- Developer preview files and internal documentation
- Production backups and administrative files
- Stress test data and performance metrics
- Nintendo manuals and technical specifications
- Source code for gaming consoles (including alleged code for Nintendo 64, GameCube, Wii, and Nintendo Switch)
- Software Development Kits (SDKs) for Nintendo platforms
- Internal development tools and configurations
- Confidential corporate information and budget documents
- Files potentially related to upcoming unannounced games and hardware projects
The claimed data appears to focus primarily on internal development materials, intellectual property, and corporate documentation. It seems that customer data or personal employee information have not been stolen.
The nature of the alleged attack has not been disclosed.
Nintendo rarely comments on ongoing security investigations unless customer or personal data has been compromised, as it is not legally required to notify the public about internal corporate data breaches that do not affect consumer information. Nintendo may choose to remain silent on this incident even if the breach is confirmed internally, unless customer data is found to be at risk.
