Blackmail against Big N and TinyPulse

What a complicated situation to start the week. Imagine ShadowBytes decided to clash with Nintendo, demanding a hefty $2 million to prevent the dissemination of emails, W-9 documents, names, and even employees' bank statements. The target this time was TinyPulse, a third-party tool that Nintendo of America uses for internal feedback collection. Corporate data leakage is always a bureaucratic nightmare and a severe security breach that shouldn't happen in 2026, but the response from the Japanese giant was a resounding "no, I won't pay." Faced with the refusal, the criminals simply shifted their extortion focus to TinyPulse itself. It's the kind of headache no one wants, especially involving about 859 MB of confidential information in the crosshairs.

The gaming giant decided to officially respond through Kotaku, trying to calm the flames and ensure the situation isn't as dire as it seems. According to the statement, the main servers of the home of Mario remain intact: “We are aware of an incident involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America. Nintendo systems were not compromised, and no customer personal data or financial information was accessed. The data involved is limited to internal survey content covering a small group of our employees, and most of this information dates back several years.” It's a standard corporate response aimed at soothing concerns, but it leaves an uncomfortable feeling knowing that the team's privacy was exposed due to third-party negligence.

On the other hand, the attackers seem quite convinced they possess compelling material to cause significant damage to the company's reputation. They claim the package includes private conversations revealing the tense atmosphere behind the scenes of the gaming giant.

The ultimatum from ShadowBytes was straightforward: “Nintendo chose not to pay, so we are demanding that Tinypulse pay, or all data will be leaked, including private messages from Nintendo employees — and we can say not all employees are happy. The private messages are about to become public unless Tinypulse reaches an agreement with us.”

Nintendo emphasized that it highly values the opinions of its staff and claimed to be supporting TinyPulse to resolve this predicament as soon as possible. TinyPulse's silence thus far only heightens the market's anticipation on how this vulnerability will be addressed and whether the data will truly end up in the dark corners of the internet. We await the next chapters of this cybersecurity saga, hoping that the affected employees aren't harmed by this technical oversight.