Activision Refutes Claims of 500K-Account Hack

activision call of duty account hacks

The Call of Duty behemoth said that the reports of widespread hacks are false.

After reports surfaced that 500,000 Activision accounts may have been hacked, impacting online Call of Duty (CoD) players, the gaming giant is disputing the claim.

The alleged breach was first flagged by the #oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts were being taken over and credentials changed, so that the legitimate users couldn’t recover them. The claims were picked up by gaming news outlet Dexterto.com.

“Yeah it’s legit guys. Change your Activision account passwords immediately. Apparently over 500,000 accounts have been breached already and it’s still ongoing,” one user going by “Okami” tweeted. And at least one user claimed to have “solid proof”:

Nonetheless, Activision is calling the claims false, after the tweets caused an online hullaballoo amongst CoD fans.

Threatpost has reached out to the company for more details.

Activision accounts are linked to Call of Duty franchise titles, like Warzone and Modern Warfare, and can be linked to Xbox, PlayStation, Steam and other gaming systems and networks. They can also contain payment details. Two-factor authentication is unfortunately not an account security option, making brute-force attacks to crack accounts more possible.

“There is obvious value in obtaining personal identifiable information (PII) and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise,” Dean Ferrando, systems engineer manager – EMEA at Tripwire, said via email.

He added that breach or no, the incident should be a security wakeup call: “Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed,” he said. “A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are. Organizations like Activision want to provide a safe and secure space for gamers and not a game over experience.”

The supposed attack is entirely plausible, according to Kim DeCarlis, CMO at PerimeterX, and should also put consumers on notice.

“Stolen personal information is sold on the dark web and used by other cybercriminals to launch automated account takeover (ATO) attacks on other websites, where the same user might have had a registered account,” DeCarlis said via email. “The compromised accounts can then be used to commit fraud, which not only hurts the affected user but also the business whose website was targeted. For enterprises with an online presence, even if they are not part of a data breach, it is important to have bot mitigation capabilities to address ATO attacks. For consumers, it is best to use different passwords on different sites and lockdown their credit records as much as possible.”

Suggested articles

Discussion

  • Anonymous on

    Yes, they were very likely "hacked" as many account passwords stopped working last week mysteriously. Activision will always refuse responsibility because it's run by shitty people .. just look at the number of accounts using subscription cheats that actjvision refuses to stop. Activision sucks.
  • Anonymous on

    I'm done with Activision.
  • website here on

    An outstanding share! I've just forwarded this onto a co-worker who has been doing a little research on this. And he in fact ordered me lunch simply because I found it for him... lol. So let me reword this.... Thanks for the meal!! But yeah, thanx for spending time to discuss this topic here on your website.
  • Jermaine Walker on

    My Activision account got hacked yesterday and the hacker actually spoke to me and told me how he got it. Is there a better way to keep our accounts secure from this issue?

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.