According to reports, more than 500.000 Activision accounts may have been compromised. The eSports Dexerto website reported that a data breach occurred on Sunday, September 20th.
Credentials to access these accounts, Dexerto reports, were leaked publicly and the accounts' details were changed to prevent easy recovery by the rightful owners.
The accounts are mainly used by players of the hugely popular Call of Duty franchise. Several eSports accounts at Twitter have also reported the data breach. The first was Okami, founder of Respawnable, who tweeted "It's valid," adding that players should immediately change their codetheir account access.
However, an Activision spokesman issued the following statement on 22 September:
Activision Call of Duty accounts have not been compromised. Reports claiming otherwise are not accurate. We investigate all privacy issues. As always, we encourage players to take precautions to protect their accounts at all times. Visit the support page for more information, including a helpful set of tips and tutorials.
You can find these instructions here.
Activision's advice is comprehensive, but the most important thing is missing, that you need to enable control identity two-factor (2FA) to protect an account. The reason is that the option does not exist in Activision accounts.
Dean Ferrando, chief systems engineer (EMEA) at Tripwire, said such compromised accounts provide "a gold mine for malicious users intent on further planning attacks, whether it's phishing or not."