Last week 24,000 user accounts associated with the Japanese Club Nintendo website have been compromised after a month-long campaign by hackers to break in. According to the Japan Times, Nintendo gave warning via a press release last Friday that the accessed data included names, home addresses, phone numbers and email addresses of Club Nintendo members. However, it has also been concluded by the major console maker that only Japanese users had their information accessed.

Nintendo confirmed there had been around 15.4 million fraudulent login attempts starting June 9th through Thursday, of which 23,926 were successful. Demarking a month-long campaign by hackers in an attempt to breach the site this could be of concern to anyone who has an account on the Nintendo rewards site; however a company representative told Computer and Video Games, “this only affects the Japanese Club Nintendo and is not an international issue.”

In response to this breach, Nintendo has suspended accounts and passwords used in the unauthorized access and the company is asking customers to change their passwords.

Club Nintendo is part of a rewards program for customers to receive extra value from owning one of the company’s gaming consoles. Having an account there allows players to earn points by purchasing games and consoles that can be redeemed for goods.

It is speculated this rewards program is the reason for the attack, due to the odd nature of the brute-force attempt on a basis of account-by-account. Ordinarily large breaches, such as that suffered by Ubisoft last week, involve attackers gaining access to private information via leaking database information and therefore the personal information of account holders in one fell swoop. In these cases account information is often sold: credit card info, home address, identity information, etc. However, the Nintendo attack went undetected since June due to the type of compromise happening (hackers attempting user accounts one-by-one.)

While attackers can still steal personal information from this type of attack, it would be more difficult for the hackers to steal credit card information from modern websites in this manner—as the web accounts do not have direct access to credit card information (often only the last 4 digits.) However, it would be possible to change the address on the account and redirect rewards.

If you happen to be a Japanese customer of Nintendo and are signed up for Club Nintendo, it’s time to log into your account and change your password.