Nintendo has shut down some NNID logins and has told Switch owners to lock down their accounts following a series of fraudulent attacks. Nintendo has confirmed that it suffered an attack by hackers who accessed some accounts and are using PayPal accounts linked to the accounts to purchase items fraudulently.

According to Nintendo, approximately 160,000 accounts have been compromised, including users’ nicknames, email addresses, gender, and dates of birth. Some PayPal accounts have apparently been compromised as well.

Nintendo is urging customers to enable two-factor authentication on their accounts and has agreed to refund any fraudulent purchases made during the incident.

If you are a Nintendo user, heed Nintendo’s guidance and lock down your account and enable multi-factor authentication going forward.