In April of this year, a lot of users reported that their Nintendo accounts had been breached, and that these had been used to make purchases of digital items that they had never even made. Nintendo addressed user concerns, and revealed to customers that they were aware of unauthorised access to some of the accounts.
A few days after the reports, Nintendo released a statement in which they revealed that close to a staggering 160,000 accounts had been accessed without authorisation, and that they were still investigating the cause of this massive breach; announcing that Nintendo Network ID was no longer necessary to sign in to Nintendo accounts.
This breach also prompted Nintendo to introduce a 2-Step verification method for users to enable; providing customers with a handy link that taught them how to enable this new method for good measure.
In a recent update on Nintendo Japan's website, the company has revealed that an additional 140,000 accounts had also been breached, bumping the number of accounts accessed without authorisation to a grand total of 300,000 affected accounts.
The good news is that Nintendo also reveals that refunds for most of the customers affected by the breach have already been processed, and that their respective Nintendo Network ID and Nintendo Account passwords had been reset; contacting affected users to make them aware of the changes.
Nintendo wouldn't reveal when these additional 140,000 account were accessed, but it could be concerning if this happened after they were first made aware of Nintendo Account irregularities back in April.
In the meantime, it is best that Nintendo Network ID and Nintendo Account users refrain from saving personal information such as credit cards and Paypal accounts when purchasing digital items from the eShop.