A self-described “extortion as a service group” known as ShadowByt3$ (hereafter ShadowBytes) is threatening to leak “859.0MB” of Nintendo’s private employee data, which allegedly contains a list of employee emails, full names, bank statements, and private conversations, unless they’re provided with “a ransom payment of 2 million dollars.”
The ransomware group published the threat on its own website on June 12, alongside a blog post detailing the alleged contents of the employee data and a mega.io link (which is now inaccessible) containing “proof” of its hack. “You have 48 hours to contact us Nintendo or all data gets leaked,” reads the initial threat. “If you contact us we give you an extra day to think this through. We are demanding a ransom payment of 2 million dollars.”
🚨Cyber Alert ‼️
🇯🇵Japan – 𝗡𝗶𝗻𝘁𝗲𝗻𝗱𝗼
SHADOWBYT3$ claims to have breached Nintendo, allegedly stealing approximately 859 MB of data from TINYpulse systems. The claimed dataset includes employee names, email addresses, surveys, analytics reports, bank statement PDFs, W-9… pic.twitter.com/ElrsrKesjq
— Hackmanac (@H4ckmanac) June 13, 2026
As detailed in a post on the open-source intelligence platform RansomLook, a second threat was issued by the group on June 14, which stated that ShadowBytes had moved onto threatening TinyPulse, the employee feedback platform from which the alleged Nintendo data was seemingly sourced, after Nintendo “decided not to pay” the group its ransom.
“Tinypulse you have till june 16th 2026 to contact us via telegram or email that we have sent you,” reads the second threat. “Nintendo decided to not pay so we are demanding that Tinypulse pay or all data will be leaked including private messages of Nintendo employees and not all employees are happy we can tell you that. Private messages are about to not become private if Tinypulse doesn’t reach an agreement with us.”
TinyPulse is an “employee engagement and feedback solution” service that allows companies to “measure and improve company culture, increase employee retention, and enhance performance by promoting better communication.” Essentially, it’s a sort of middle ground between Slack and a message board, which allows employees to discuss (or raise concerns about) the company they work for.
The leak revealed that back in December 2025, Nintendo of America decided to implement Copilot AI into the workspace, even though employees were against it for many reasons. https://t.co/CHNzpzZtEH pic.twitter.com/1o8RK38JtF
— SomeoneIDK (@ultima_flashs) June 15, 2026
One user on X has posted screenshots of some of the alleged info seemingly contained within the mega.io link featured in ShadowBytes’ ransom post. According to the user, they were able to access the full contents of ShadowBytes’ ransom because “for one of the proof screenshots they forgot to blur the download link to the contents so their ransom is worthless basically.”
While it’s impossible to verify if the screenshots they’ve provided are indeed real, as the mega.io link is now inaccessible, several of the alleged employee conversations state that Nintendo of America has been incorporating Microsoft’s Copilot AI tool into its work in an unconfirmed capacity. “I am a little worried about the push for the Copilot AI tool,” reads one of the screenshots allegedly depicting the leak. “I don’t think we’re considering the negatives of relying too heavily on AI.”
Nintendo confirmed that it was “aware of an issue involving TinyPulse” in a statement provided to Kotaku by Nintendo of America: “We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America. Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed. The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years.”
“We appreciate our employees’ willingness to share their perspectives, take all feedback seriously, and take action when needed,” continues the statement. “We are working with the service provider to address the issue.”
