Update: An Activision spokesperson issued the following statement, "Activision Call of Duty accounts have not been compromised. Reports suggesting otherwise are not accurate. We investigate all privacy concerns. As always we recommend that players take precautions to protect their accounts at all times. Please visit our player support page for further information, including a helpful set of tips and step-by-step instructions."
A possible data breach at top games studio Activision may have allowed hackers to acquire the usernames and passwords of hundreds of thousands of customer accounts.
Over 500,000 Activision accounts have reportedly been hacked after user credentials were leaked publicly. Cybercriminals are now using these credentials to log in to user accounts and change their passwords so that their original owners will be unable to recover them.
The data breach was first reported by a user who goes by the handle 'oRemyy' on Twitter but it was later confirmed by multiple content creators including TheGamingRevolution, Prototype Warehouse and Okami.
- Protect your privacy online with one of the best VPN services
- Looking for a new password? These are the best password generators around
- Also check out the best password manager
In a tweet, Okami apparently confirmed the data breach, urging gamers to change the passwords to their Activision accounts, saying:
“Yeah, it's legit guys. Change your Activision account passwords and add 2FA immediately. Apparently over 500k accounts have been breached already and it's still ongoing.”
Activision accounts are used by gamers to log into the company's various Call of Duty titles including Warzone, Modern Warfare and Call of Duty Mobile.
However, the only way to secure an Activision account is by changing its password as the company does not offer two-factor authentication to secure them. In addition, to changing their passwords, COD players should also unlink their Battlenet, PSN, Xbox Live and any other accounts associated with their Activision account as well as remove any payment details saved to it.
Systems engineer manager at Tripwire, Dean Ferrando provided further insight on the data breach and explained what other companies in the gaming industry can learn from it, saying:
“There is obvious value in obtaining personal identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise. It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts other than Activision.
“Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are. All organizations should use this as a wakeup call to ensure that security is not just a check box for compliance. Organizations like Activision want to provide a safe and secure space for gamers and not a game over experience.”
- We've also highlighted the best antivirus software
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.