
Over 500K Activision ‘user accounts’ hacked along with login credentials being made public [UPDATE]


Activision has reportedly been hacked, and the attackers behind the breach have gained access to the accounts of over half a million users, according to reports. Log-in credentials, including passwords, are also said to have been made public.

The eSports site Dexerto has reported that a data breach occurred on Sunday, September 20. The attackers are also reportedly changing the account details of the leaked log-ins, making it impossible for the legitimate owners to log in and recover them.

Hackers have been generating around 1,000 accounts every ten minutes and leaking login credentials on public forums. Check your log-in details, and change your password and other personal details.

A number of Call of Duty community members have also confirmed the breach on Twitter, such as TheGamingRevolution, Prototype Warehouse, and Okami.

“The only way to secure your account is by changing your password associated with the account. If you also use the same password across numerous services, be sure to change those ones, as data breaches like this are often used to hack into other sites.

You should also unlink your Battlenet, PSN, Xbox, or other accounts associated with your Activision account to protect those as well. If you have saved payment details on hand too, you’ll want to try and remove those too,” the news site said in its advice to gamers.

Activision accounts are used to log into numerous Call of Duty titles such as Warzone, Modern Warfare and COD Mobile, as well as a few other titles such as Sekiro: Shadows Die Twice. Because Activision accounts do not have two-factor authentication, it’s tough to thwart or avoid all forms of hacking.

“This is a substantial breach,” Martin Jartelius, CSO at Outpost24, said, “in parts, the clean-up will be a large undertaking for Activision, we can only hope backups allow restoring original contact data, resetting access and managing the users who still cannot regain access which should be a smaller group.”

Commenting on the fact that Activision accounts do not have two-factor authentication, Niamh Muldoon, Senior Director of Trust and Security at OneLogin, said the reported hack goes to show the importance of multi-factor authentication as MFA enables organizations to implement strong access control to make it harder for cybercriminals to access accounts. It is also a reminder that users should be setting strong and unique passwords, employing a password manager if necessary to avoid reusing passwords across accounts. Affected individuals need to be on the lookout for suspicious activity and be wary of any potential phishing emails that come through. If in doubt, contact the source directly.

“Given the profile of Call of Duty end-users, predominantly young male adults who may not be security conscious and/or aware, Activision now have a great opportunity to consider rolling out access control training and awareness through their platform as well as implement strong access control into their platform. Partnering with Trusted Security platform providers will support Activision deliver quality services to their end-users while balancing cost and risk,” she added.

According to Dean Ferrando, lead systems engineer (EMEA) at Tripwire, there is obvious value in obtaining personally identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise.

“It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts other than Activision. Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are.”

“All organizations should use this as a wakeup call to ensure that security is not just a check box for compliance. Organizations like Activision want to provide a safe and secure space for gamers and not a game over experience,” he added.

How to Change Your Activision Account Password:

If you need to change your Activision/Call of Duty account password (which we highly recommend you do) follow these steps:

  • Go to the Call of Duty account password recovery page
  • Enter the email address that was used to create your account and select Submit
  • Instructions for resetting your password will be sent to the email address you entered
  • Check your email and follow the RESET YOUR PASSWORD link provided to reset your password. The link will be valid for 24 hours and can only be used once
  • Enter a new password according to the password requirements:
      1. Must be between 8 and 20 characters long
      2. Must contain at least one letter and one number
      3. May not contain sequential characters (e.g. ABC, 123, jkl)
      4. May not repeat the same character (e.g. XX, aa, 33)
  • Select Save
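The four password requirements listed above, written as a checker you can run against a candidate password before submitting it (an added example, not Activision's code). The thresholds are assumptions read off the page's examples: three ascending letters or digits in a row count as sequential, two identical adjacent characters count as a repeat, and descending runs are not flagged because the page shows none.

```python
import string

# Assumed thresholds, inferred from the page's examples (not Activision's own logic):
# "ABC, 123, jkl" -> a run of 3 ascending neighbours is "sequential".
# "XX, aa, 33"    -> 2 identical characters side by side is a "repeat".
SEQ_RUN = 3
MIN_LEN, MAX_LEN = 8, 20


def _sequential(a: str, b: str) -> bool:
    """True when b directly follows a, within letters (any case) or within digits."""
    if a in string.ascii_letters and b in string.ascii_letters:
        return ord(b.lower()) - ord(a.lower()) == 1
    if a in string.digits and b in string.digits:
        return ord(b) - ord(a) == 1
    return False


def policy_violations(password: str) -> list[str]:
    """Return the listed rules that `password` breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    has_letter = any(c in string.ascii_letters for c in password)
    has_digit = any(c in string.digits for c in password)
    if not (has_letter and has_digit):
        problems.append("letter_and_number")

    run = 1  # length of the current ascending run
    sequential = repeated = False
    for prev, cur in zip(password, password[1:]):
        if prev == cur:
            repeated = True
        run = run + 1 if _sequential(prev, cur) else 1
        if run >= SEQ_RUN:
            sequential = True
    if sequential:
        problems.append("sequential")
    if repeated:
        problems.append("repeated")
    return problems
```

Passing these rules only means the form will accept the password; it says nothing about whether the password is unique to this account, which is the point of the advice above.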

Change your password on any other services that may share your old password. Be sure to unlink your Battlenet, PSN, Xbox or any other accounts associated with your Activision account to protect those.

Most importantly, remove any and all payment options associated with these accounts. Activision is yet to comment on the reported breach publicly.

Stay tuned for more!

UPDATE

Activision claims that the Call of Duty account hack reports are false.