According to multiple reports, approximately 500,000 ‘Activision’ and ‘Call of Duty’ accounts have been taken over by hackers, but the gaming company insists there has been no security breach. At the same time, many users report seeing people’s credentials leaked online.
The rate of the hacks is at approximately 100 accounts per minute, so the numbers will continue to grow until the legitimate account owners secure them with unique and strong passwords.
Regarding the Activision account breach, I just seen solid proof, change your password.
— Prototype Warehouse (@ProtoWarehouse) September 20, 2020
If you think you may be at risk, please check out these helpful step-by-step tips to safeguard your account https://t.co/2XHHpcVS4i. pic.twitter.com/rTnCMaWBAX
— Activision Support (@ATVIAssist) September 22, 2020
Two weeks ago, we reported about Call of Duty accounts being taken over by hackers, but again, it appeared to be credential stuffing attacks. This is precisely why Activision wasn’t interested in doing much about it, and they still believe that the problem continues to be of the same nature.
What this means is that hackers got their hands on large databases containing the credentials of these players, and then tried them out on the Activision portal to see if they matched. Users who had set the same password as the one on the leaked databases ended up losing their accounts.
Several account holders report that the hackers changed the password and locked them out without even receiving a confirmation email on their inbox. Most importantly, though, the absence of two-factor authentication is shouting exigency at deafening levels. You can’t have a game account where you invest money and time in 2020 and not have an option to secure it with 2FA, even SMS-based.
Activision’s official security recommendations are limited to setting up unique and strong account passwords, avoid using them elsewhere, avoid sharing them with others, and try not to sign in on shared devices. This is obviously not enough to secure the accounts today, although if everyone followed this advice, the number of compromised accounts would undoubtedly be smaller.
This situation leaves players who lost their accounts in despair, but as we said before, accepting to spend money and devote time to a fundamentally insecure game is people’s own choice. When these players decide to go through the same process by opening new accounts, spend more money to buy the same in-game items they held previously, and play the same missions to restore their progress, the message sent to Activision is that the lack of security is actually more profitable.