The global website is a Nintendo member rewards site, on which users are urged to register their Nintendo products and consoles, answer surveys, and so on in exchange for gamer points and exclusive products.
According to the company, the (initially intermittent) unlawful login attempts have started on June 9, but they were spotted only on July 2, when the number of attempts became massive - 15.5 million in all - and most of them failed.
Only Japanese accounts were targeted, it seems, and the attackers probably used a list of logins and passwords obtained from a hack of some other online service geared towards Japanese users.
The members' names, home addresses, phone numbers, and email addresses were compromised, but no credit or debit card information as members didn't need to provide it from the get-go. No gamer points from the compromised accounts were misused.
Computerworld reports that Nintendo has suspended the affected accounts, and has been notifying their owners, asking them to reset and change their password.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.