According to reports, more than 500.000 Activision accounts may have been compromised. The eSports Dexerto website reported that a data breach occurred on Sunday, September 20th.
Credentials for access in those accounts, Dexerto reports, were publicly leaked and account details changed to prevent easy recovery by the rightful owners.
The accounts are mainly used by players of the hugely popular franchise Call of Duty. Several eSports Twitter accounts have also reported the data breach. The first was Okami, founder of Respawnable, who tweeted “It's valid,” adding that players should change their account passwords immediately.
However, an Activision spokesman issued the following statement on 22 September:
Activision Call of Duty accounts have not been hacked. Reports to the contrary are not accurate. We investigate all privacy issues. As always, we recommend that players take precautions to protect their accounts at all times. Visit the support page for more information, including a helpful array of tips and step-by-step instructions.
You can find these instructions here.
Activision's advice is complete, but it's missing the most important thing, that you need to enable two-factor authentication (2FA) for protection an account. The reason is that there is no option in Activision accounts.
Dean Ferrando, chief systems engineer (EMEA) at Tripwire, said such breached accounts provide "a goldmine for malicious users who plan to carry out further attacks, whether it is online fishing or not."