A major data breach at Activision has allowed hackers to acquire the usernames and passwords of hundreds of thousands of its customer’s accounts.

As reported by Dexerto, over 500,000 Activision accounts have reportedly been hacked after user credentials were leaked publicly. Cybercriminals are now using these credentials to log in to user accounts and change their passwords so that their original owners will be unable to recover them.

The data breach was first reported by a user who goes by the handle ‘oRemyy’ on Twitter but it was later confirmed by multiple content creators including TheGamingRevolution, Prototype Warehouse and Okami. In a tweet, Okami confirmed the data breach and urged gamers to change the passwords to their Activision accounts, saying:

“Yeah, it’s legit guys. Change your Activision account passwords and add 2FA immediately. Apparently over 500k accounts have been breached already and it’s still ongoing.”

Activision accounts

Activision accounts are used by gamers to log into the company’s various Call of Duty titles including Warzone, Modern Warfare and Call of Duty Mobile.

However, the only way to secure an Activision account is by changing its password as the company does not offer two-factor authentication to secure them. In addition, to changing their passwords, COD players should also unlink their Battlenet, PSN, Xbox Live and any other accounts associated with their Activision account as well as remove any payment details saved to it.

At the time of writing, Activision has yet to comment on the data breach publicly but the company’s is likely busy working on a fix to secure its customer’s accounts.

Systems engineer manager at Tripwire, Dean Ferrando provided further insight on the data breach and explained what other companies in the gaming industry can learn from it, saying:

“There is obvious value in obtaining personal identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise. It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts other than Activision.

“Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are. All organizations should use this as a wakeup call to ensure that security is not just a check box for compliance. Organizations like Activision want to provide a safe and secure space for gamers and not a game over experience.”

Via Dexerto