A massive data breach at Activision allowed hackers to obtain usernames and passwords for hundreds of thousands of its customers’ accounts.
As I mentioned rightMore than 500,000 Activision accounts were compromised after user credentials were publicly leaked. Cyber criminals now use these credentials to log into user accounts and change their passwords so that the original owners cannot recover them.
The data breach was first reported by a user dealing with “oRemyy” on Twitter but was later confirmed by several content creators including TheGamingRevolution, Prototype Warehouse and Okami. in a TweetOkami confirmed the data breach and urged players to change passwords to their Activision accounts, saying:
“Yes, it’s legit guys. Change your Activision account passwords and add 2FA right away. Apparently, over 500,000 accounts have already been hacked and it’s still going on.”
Players use Activision Accounts to log into the company’s various Call of Duty titles including Warzone, Modern Warfare, and Call of Duty Mobile.
However, the only way to secure an Activision account is to change its password because the company does not offer two-factor authentication to secure it. In addition, to change their passwords, COD players must also unlink Battlenet, PSN, Xbox Live and any other accounts linked to their Activision account as well as remove any payment details stored in it.
At the time of writing, Activision has yet to comment publicly on the data breach, but it is possible that the company is busy working on a fix to secure its clients’ accounts.
Tripwire’s director of systems engineer, Dean Ferrando, provided more information on the data breach and explained what other companies in the games industry could learn from it, saying:
“There is a clear value in having personally identifiable information and user account details, but this is also a goldmine for malicious actors who intend to plan more attacks – whether phishing or otherwise. It is critical that the parties involved take all necessary steps to mitigate the consequences. This incident, which includes changing all their passwords, especially if they are used on accounts other than Activision.
“Game industry workers should take this opportunity to visit their security controls to ensure they are deployed appropriately. The security team should be able to easily assess the number of assets on the network, how secure their configuration is, and the vulnerability position of those assets. “Use this as a wake-up call to ensure that security is not just a checkbox for compliance. Organizations like Activision want to provide a safe and secure space for players and not an experience bypassing the game.”