A major data breach at Activision has allowed hackers to acquire the usernames and passwords of tons of thousands of its customer’s accounts.
As reported by Dexerto, over 500,000 Activision accounts have reportedly been hacked after user credentials were leaked publicly. Cybercriminals are now using these credentials to log in to user accounts and change their passwords so that their original owners will be unable to recover them.
The data breach was first reported by a user who goes by the handle ‘oRemyy’ on Twitter but it was later confirmed by multiple content creators including TheGamingRevolution, Prototype Warehouse and Okami. In a tweet, Okami confirmed the data breach and urged gamers to change the passwords to their Activision accounts, saying:
“Yeah, it’s legit guys. Change your Activision account passwords and add 2FA immediately. Apparently over 500k accounts have been breached already and it’s still ongoing.”
Activision accounts are used by gamers to log into the company’s various Call of Duty titles including Warzone, Modern Warfare and Call of Duty Cell.
However, the one way to secure an Activision account is by changing its password as the company doesn’t offer two-factor authentication to secure them. As well as, to changing their passwords, COD players should also unlink their Battlenet, PSN, Xbox Live, and any other accounts associated with their Activision account, in addition, to remove any fee details saved to it.
At the time of writing, Activision has yet to comment on the data breach publicly but the firm is likely busy engaged on a fix to secure its customer’s accounts.
Systems engineer manager at Tripwire, Dean Ferrando provided additional insight on the data breach and explained what other companies within the gaming industry can learn from it, saying:
“There is apparent worth in obtaining personally identifiable information and account details of users, however, these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise. It’s paramount that the involved events take all the necessary steps to mitigate the results of this incident, which include altering all their passwords, especially in the event that they had been used on accounts other than Activision.
“Those within the gaming industry should take this chance to go to their own safety controls to make sure they are adequately deployed. A security team should be able to simply assess how many of what sort of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are. All organizations should use this as a wakeup name to ensure that safety is not just a verify box for compliance. Organizations like Activision want to present a safe and safe space for gamers and not a game over experience.”