According to reports, more than 500.000 Activision accounts may have been compromised. The eSports Dexerto website reported that a data breach occurred on Sunday, September 20th.
Credentials for access in those accounts, Dexerto reports, were publicly leaked and account details changed to prevent easy recovery by the rightful owners.
The accounts are mainly used by players of the hugely popular Call of Duty franchise. Several eSports Twitter accounts have also reported the data breach. The first was Okami, founder of Respawnable, who tweeted "It's valid," adding that players should change their account passwords immediately.
However, an Activision spokesman issued the following statement on 22 September:
Activision Call of Duty accounts have not been compromised. Reports claiming otherwise are not accurate. We investigate all privacy issues. As always, we encourage players to take precautions to protect their accounts at all times. Visit the support page for more information, including a helpful set of tips and tutorials.
You can find these instructions here.
Activision's advice is comprehensive, but the most important thing is missing, that you need to enable control ID cardtwo-factor authentication (2FA) to protect an account. The reason is that the option does not exist in Activision accounts.
Dean Ferrando, chief systems engineer (EMEA) at Tripwire, said such compromised accounts provide "a goldmine for malicious users intent on planning further attacks, whether it's electronic fishing or not".