Nintendo Refuses $2M Ransom Over Stolen Employee Data

There are more and more hacks happening in gaming industry, the ransom hacks happen every month now, this one is no different.

Nintendo has declined to pay a 2 million USD ransom to a hacker group that claims to have stolen a large cache of its internal employee data. The group, a self-described "extortion as a service" operation known as ShadowByt3s, says it obtained roughly 859MB of data and threatened to leak it unless paid. Rather than negotiate, Nintendo issued a statement firmly downplaying the incident, insisting its own systems were never compromised and that no customer or financial data was involved. It's a measured, confident response to a threat the company clearly does not intend to reward.

According to ShadowByt3s, the stolen dataset was pulled not from Nintendo's core network but from TinyPulse, a third-party employee engagement and survey platform used by Nintendo of America to gather staff feedback. The group alleges the data includes employee names, corporate email addresses, survey responses, analytics reports, private messages, and even bank statement PDFs and tax forms. The group first posted its threat around June 12-13, giving Nintendo 48 hours to respond. When Nintendo declined to engage, ShadowByt3s shifted its target, issuing a second threat aimed directly at TinyPulse with a June 16 deadline, warning that "private messages are about to not become private" if the platform didn't reach an agreement.

Nintendo's statement sought to contain the situation without conceding much. "We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America," the company said, adding that "Nintendo's systems have not been compromised, and no personal customer or financial data has been accessed." It characterised the affected material as "limited to internal survey content comprising a small subset of our employees," and stressed that "most of the information dates back several years." The company said it appreciated its employees' willingness to share feedback and that it is working with the service provider to address the issue. Notably, Nintendo refused to pay the ransom outright, consistent with the standard corporate stance against rewarding extortion.

There's reason to treat Nintendo's reassurances with some caution, because independent researchers who examined the leaked samples have raised doubts about the "dates back several years" framing. Analysts reportedly found indicators that at least some of the data appears authentic, cross-referencing names against people currently employed at Nintendo, and while some survey records do stretch back to 2016, metadata on several exported files reportedly carries creation stamps as recent as January 28, 2026. This suggests the data may have been pulled far more recently than Nintendo's statement implies. It also remains genuinely unclear whether the attackers breached Nintendo directly or got in through TinyPulse, a question researchers say the available evidence can't yet answer.

The extortion attempt has run into problems of the group's own making. ShadowByt3s reportedly exposed the data's download link by failing to blur it in one of their own proof-of-breach screenshots, and while that mega.io link has since been taken down, the slip undermined the leverage of the threat(LOL). Some redacted screenshots are already circulating, and among the more awkward revelations for Nintendo is internal employee discussion expressing unease about the company's push to adopt Microsoft's Copilot AI tool, with one message reportedly reading, "I am a little worried about the push for the Copilot AI tool." With TinyPulse's June 16 deadline now passed and the platform yet to comment publicly, the open question is whether the group follows through on a full leak or whether its own missteps have already blunted the threat. Either way, Nintendo appears content to hold its position and let the situation play out rather than pay.

More:ENCE CEO Mika Kuusisto Steps Down After Seven Years