According to reports, more than 500.000 Activision accounts may have been compromised. The eSports Dexerto website reported that a data breach occurred on Sunday, September 20th.
The credentials for accessing these accounts, according to Dexerto, have been leaked to the public and changed account details to prevent easy retrieval by legitimate holders.
The accounts are mainly used by players of the extremely popular Call of Duty franchise. Several eSports Twitter accounts have also reported data breaches. The first was Okami, the founder of Respawnable, who wrote on Twitter "It's valid", adding that players should immediately change their account passwords.
However, an Activision spokesman issued the following statement on 22 September:
Activision Call of Duty accounts have not been compromised. Reports claiming otherwise are not accurate. We investigate all privacy issues. As always, we encourage players to take precautions to protect their accounts at all times. Visit the support page for more information, including a helpful set of tips and tutorials.
You can find these instructions here.
Activision's advice is comprehensive, but most importantly, you need to enable 2FA to protect an account. The reason is that there is no option in Activision accounts.
Dean Ferrando, chief systems engineer (EMEA) at Tripwire, said such breached accounts provide "a goldmine for malicious users who plan to carry out further attacks, whether it is online fishing or not."