Expert Comments

Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts

Expert(s): Security Experts
Expert(s): Security Experts

Over 500,000 Activision accounts have reportedly been hacked in a new Activision data breach on September 20, leaving Call of Duty players in limbo. All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo. As of the time of publishing, over 500,000 Activision accounts have reportedly been hacked, with log-ins being leaked publicly. Hackers are then changing the account details, making it so the original owners can’t recover them. The breach was first reported by ‘oRemyy’ on Twitter. This was then confirmed by other content creators, like TheGamingRevolution, Prototype Warehouse, and Okami.

More information: https://www.dexerto.com/call-of-duty/major-activision-hack-reportedly-compromises-over-500k-cod-accounts-1422141

Experts Comments

Dot Your Expert Comments
Kim DeCarlis
September 22, 2020
CMO
PerimeterX

The compromised accounts can then be used to commit fraud.
Stolen personal information is sold on the dark web and used by other cybercriminals to launch automated account takeover (ATO) attacks on other websites, where the same user might have had a registered account. The compromised accounts can then be used to commit fraud, which not only hurts the affected user but also the business whose website was targeted. For enterprises with an online presence, even if they are not part of a data breach, it is important to have bot mitigation capabilities to .....Read More
Stolen personal information is sold on the dark web and used by other cybercriminals to launch automated account takeover (ATO) attacks on other websites, where the same user might have had a registered account. The compromised accounts can then be used to commit fraud, which not only hurts the affected user but also the business whose website was targeted. For enterprises with an online presence, even if they are not part of a data breach, it is important to have bot mitigation capabilities to address ATO attacks. For consumers, it is best to use different passwords on different sites and lockdown their credit records as much as possible.  Read Less
Boris Cipot
September 22, 2020
Senior Sales Engineer
Synopsys

Many accounts have a collection of virtual goods which can be acquired by gamers for real money.
Gaming is not simply entertainment for children, it is a thriving industry with highly sophisticated technology. For example, games now offer highly advanced simulators whereby individuals can embody a soldier, fighter pilot or even a football player. With the support of Virtual Reality technology, these games can become even more realistic. Moreover, we are witnessing a rise in E-sports, where tournaments and winners amass large pots of money. As there is a lot of money involved, it is normal.....Read More
Gaming is not simply entertainment for children, it is a thriving industry with highly sophisticated technology. For example, games now offer highly advanced simulators whereby individuals can embody a soldier, fighter pilot or even a football player. With the support of Virtual Reality technology, these games can become even more realistic. Moreover, we are witnessing a rise in E-sports, where tournaments and winners amass large pots of money. As there is a lot of money involved, it is normal for cyber criminals to target known game brands to access user accounts. One might think that the value of hacking into an account is through reusing its password on other services. However, in reality, some of these gaming accounts themselves are worth a lot of money. Many accounts have a collection of virtual goods which can be acquired by gamers for real money. That means cybercriminals could gain profits just by selling one or many accounts which hold valuable virtual goods. It is true that they could benefit from other goodies such as passwords, payment information and email addresses, but in gaming, the real money lies in selling virtual goods. The other threat is also in the linking of other accounts like PSN, Xbox or Battlenet… As such, users of Activision should change their password on services where it has been reused.  Read Less
Chris Hauk
September 22, 2020
Consumer Privacy Champion
Pixel Privacy

COD players need to react quickly by changing their passwords.
Looks like it's time for Call of Duty players to do the password change shuffle. COD players need to react quickly by changing their passwords and making sure that they didn't use the same password on other accounts. Plus, since Activision hasn't seen fit to offer two-factor authentication on player accounts, COD'ers will need to keep an eye on their accounts and hope for the best. Also, keep an eye on any Xbox, Battlenet, or Playstation Network accounts they may have linked to their Activision .....Read More
Looks like it's time for Call of Duty players to do the password change shuffle. COD players need to react quickly by changing their passwords and making sure that they didn't use the same password on other accounts. Plus, since Activision hasn't seen fit to offer two-factor authentication on player accounts, COD'ers will need to keep an eye on their accounts and hope for the best. Also, keep an eye on any Xbox, Battlenet, or Playstation Network accounts they may have linked to their Activision accounts.  Read Less
Etay Maor
September 22, 2020
CSO
IntSights

Online gaming has been a target of attackers for a several years now
Online gaming has been a target of attackers for a several years now, with World of Warcraft, Zynga and Nintendo being just some of the big names that have been previously targeted. While in some games the accounts themselves can be monetized after the compromise, (for example when WoW was targeted, high ranking characters and special weapons could be sold to the highest bidder) in many cases the breaches are a result of credential stuffing attacks and the creation of a service specific.....Read More
Online gaming has been a target of attackers for a several years now, with World of Warcraft, Zynga and Nintendo being just some of the big names that have been previously targeted. While in some games the accounts themselves can be monetized after the compromise, (for example when WoW was targeted, high ranking characters and special weapons could be sold to the highest bidder) in many cases the breaches are a result of credential stuffing attacks and the creation of a service specific username/password database. These types of attacks use known email/password databases to check if users have reused their passwords on the gaming platform. If they have – the attackers can easily create a database of compromised accounts. Users need to make sure they do not reuse passwords as even a strong password, once reused, becomes a security risk. In addition, users should always opt for additional security checks offered by the game such as two factor authentication. The gaming platform should provide these security features as well as use technologies such as CAPTCHA (to stop automated credential stuffing) and basic security checks such as device ID.  Read Less
Martin Jartelius
September 21, 2020
CSO
Outpost24

Still shy of the 77 million accounts exposed on the Playstation Network breach, this is a substantial breach.
Still shy of the 77 million accounts exposed on the Playstation Network breach, this is a substantial breach. In parts the cleanup will be a large undertaking for Activision, we can only hope backups allow restoring original contact data, resetting access and managing the users who still cannot regain access which should be a smaller group. But also for anyone reusing information for the accounts it is critical to not only change the access to the platform but also any other places the.....Read More
Still shy of the 77 million accounts exposed on the Playstation Network breach, this is a substantial breach. In parts the cleanup will be a large undertaking for Activision, we can only hope backups allow restoring original contact data, resetting access and managing the users who still cannot regain access which should be a smaller group. But also for anyone reusing information for the accounts it is critical to not only change the access to the platform but also any other places the credentials are used.  Read Less
David Kennefick
September 21, 2020
Product Architect
edgescan

Much like all supposed breaches, you should be cautious and change any associated passwords.
While reports of a database leak are unconfirmed, it might be worth to go and change your Activision passwords just in case. In general, it is best practice to enable MFA where possible, especially on accounts where there is valuable information available. This option doesn’t seem to be available on Activision.com, and there are also a few questionable password policies including limits of 20 characters and disallowed special characters such as []{}|". When using a password manager there are .....Read More
While reports of a database leak are unconfirmed, it might be worth to go and change your Activision passwords just in case. In general, it is best practice to enable MFA where possible, especially on accounts where there is valuable information available. This option doesn’t seem to be available on Activision.com, and there are also a few questionable password policies including limits of 20 characters and disallowed special characters such as []{}|". When using a password manager there are less limitations on password complexity, so they may consider removing these restrictions to encourage better password complexity and management. Much like all supposed breaches, you should be cautious and change any associated passwords. It may also be a good time to go and review any permissions or linked accounts that may be associated with your Activision account. There is the possibility to link all major gaming platforms such as Steam, Xbox, PlayStation as well as Twitch, YouTube for streaming, and if you are not utilising these integrations it might be best to remove them.  Read Less
Niamh Muldoon
September 21, 2020
Senior Director of Trust and Security EMEA
OneLogin

Strong authentication is a requirement to implement strong access control to make it harder for cybercriminals to access accounts.
This just goes to show the importance of multi-factor authentication. Strong authentication is a requirement to implement strong access control to make it harder for cybercriminals to access accounts. It is also a reminder that users should be setting strong and unique passwords, employing a password manager if necessary to avoid reusing passwords across accounts. Affected individuals need to be on the lookout for suspicious activity and be wary of any potential phishing emails that come.....Read More
This just goes to show the importance of multi-factor authentication. Strong authentication is a requirement to implement strong access control to make it harder for cybercriminals to access accounts. It is also a reminder that users should be setting strong and unique passwords, employing a password manager if necessary to avoid reusing passwords across accounts. Affected individuals need to be on the lookout for suspicious activity and be wary of any potential phishing emails that come through. If in doubt, contact the source directly. Given the profile of Call of Duty end-users, predominantly young male adults who may not be security conscious and/or aware, Activision now have a great opportunity to consider rolling out access control training and awareness through their platform as well as implement strong access control into their platform. Partnering with Trusted Security platform providers will support Activism deliver quality services to their end-users while balancing cost and risk.  Read Less
Javvad Malik
September 21, 2020
Security Awareness Advocate
KnowBe4

People should always take care to not reuse passwords and secure their accounts with 2FA wherever it is made available.
Any account that is created online, even if it has no direct monetary value, or seems trivial, has some value to criminals. Therefore, criminals are always looking for ways to compromise accounts and use them for nefarious purposes. Many games require accounts to be created to play online. For many players, this is a trivial affair and not much thought is given to security. However, this is precisely what makes them an appealing target looking to compromise large numbers of accounts quickly......Read More
Any account that is created online, even if it has no direct monetary value, or seems trivial, has some value to criminals. Therefore, criminals are always looking for ways to compromise accounts and use them for nefarious purposes. Many games require accounts to be created to play online. For many players, this is a trivial affair and not much thought is given to security. However, this is precisely what makes them an appealing target looking to compromise large numbers of accounts quickly. Therefore, people should always take care to not reuse passwords and secure their accounts with 2FA wherever it is made available. Similarly, service providers have a responsibility to ensure that any accounts are secured appropriately and there are layered defences that protect, detect, and respond to any attacks quickly.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords