Gaming giant Activision has reportedly been hacked, and the hackers behind the breach have gained access to over half a million user accounts.
Activision, a household name worldwide for years, is the company behind the enormously popular Call of Duty wargaming series as well as other popular gaming titles such as Sekiro, Spyro, Tony Hawk, and Sierra. The company enjoyed $1.5 billion in sales last year and, in 2018, was the world's largest gaming company in terms of revenue and market capitalisation.
Earlier today, esports news website Dexerto reported that Activision suffered a major hack on Sunday that compromised over 500,000 user accounts and that, since then, hackers have been generating around 1,000 accounts every ten minutes and leaking login credentials on public forums.
"The only way to secure your account is by changing your password associated with the account. If you also use the same password across numerous services, be sure to change those ones, as data breaches like this are often used to hack into other sites.
"You should also unlink your Battlenet, PSN, Xbox, or other accounts associated with your Activision account to protect those as well. If you have saved payment details on hand too, you’ll want to try and remove those too," the news site said in its advice to readers.
The login credentials of over half a million users that have been accessed by hackers enable players to log in to Call of Duty titles released over the past few years, such as Warzone, Modern Warfare, and Mobile. Activision is set to release its latest game, Call of Duty Black Ops Cold War, in November and has already enabled pre-orders on the Call of Duty website.
Activision accounts don't have MFA enabled
Commenting on the fact that Activision accounts do not have two-factor authentication, Niamh Muldoon, Senior Director of Trust and Security at OneLogin, said the reported hack goes to show the importance of multi-factor authentication (MFA), as MFA enables organisations to implement strong access control to make it harder for cybercriminals to access accounts.
"It is also a reminder that users should be setting strong and unique passwords, employing a password manager if necessary to avoid reusing passwords across accounts. Affected individuals need to be on the lookout for suspicious activity and be wary of any potential phishing emails that come through. If in doubt, contact the source directly.
"Given the profile of Call of Duty end-users, predominantly young male adults who may not be security conscious and/or aware, Activision now have a great opportunity to consider rolling out access control training and awareness through their platform as well as implement strong access control into their platform. Partnering with Trusted Security platform providers will support Activision in delivering quality services to their end-users while balancing cost and risk," she added.
According to Dean Ferrando, lead systems engineer (EMEA) at Tripwire, there is obvious value in obtaining personally identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks, be it phishing or otherwise.
"It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts other than Activision.
"Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets is.
"All organisations should use this as a wake-up call to ensure that security is not just a check box for compliance. Organisations like Activision want to provide a safe and secure space for gamers and not a game over experience," he added.