Posted on September 22, 2020 at 5:07 PM
A recent report reveals that over 500,000 login details of Activision users may have been compromised by hackers. The details have been shared in public, as malicious agents are login into the accounts to alter account details.
As a result, the account will not be accessible by the original owner, as the malicious party takes total control of the account or sell to another party.
According to the report, the alleged breach occurred two days ago. The hackers could have had it easy to infiltrate Activism users’ accounts since the gaming company doesn’t have a two-factor authentication protocol for all accounts registered with the portal.
Security researchers have warned users who have Xbox, PSN, Battlenet, or other accounts connected to their Activision account to unlink them to keep those accounts safe.
And as a safety measure, they should also remove any saved payment details from the platform.
Activision is the publisher of the Call of Duty gaming series. The company has refuted claims its accounts were hacked after reports about the hacking incident that emerged a few days ago.
Twitter user oRemmy initially reported the alleged breach before other content creators, including Okami, confirmed the breach.
While confirming the breach, Okami advises Activision account holders to change their passwords and apply two-factor authentication as soon as possible.
“Yeah, it’s legit guys. Change your Activision account passwords and add 2FA immediately,” Okami reveals in a tweet.
Lack of 2FA made things easier for the hackers
In a later post, Okami cla9imed that the hackers were able to easily hack the Activision account portal because it doesn’t use two-factor authentication (2FA), which would have given the hackers a tough time before they can break-in. But the absence of 2FA cleared the road for the hackers, he pointed out.
Apart from the hugely popular wargaming series, Call of Duty, Activision has produced other popular titles, such as Sierra, Tony Hawk, Spyro, as well as Sekiro.
In 2018, the company was the largest gaming company in the world when it comes to market capitalization and revenue. Last year, it earned a whopping $1.5 billion in sales. This breach is coming when the firm has been enjoying sustained success over the past few years, and it may dampen the high confidence level its users have for the firm.
Cybersecurity experts have also advised Activision account holders how they can secure their accounts.
The best way is to change the passwords linked to the account because using one password across multiple accounts can open the door for hackers to log into other accounts of the users.
With login passwords of the users allow them to have access to the Call of Duty titles that have been released by the company over the past two years, such as Mobile, Modern Warfare, as well as Warzone.
While commenting on the reported hack, Senior Director of Trust and Security at OneLogin, Niamh Muldoon, stressed the importance of having two-factor authentication. According to him, 2FA allows organizations to carry out the strong implementation of strong access control, making it more difficult for cybercriminals to have access to the accounts.
Muldoon said account holders who are affected by the breach should be very conscious about emails they receive, as the hackers could send phishing emails in the future using the victim’s details.
They should contact the right source directly if they have any doubts about the authenticity of any email they receive.
Since most Calls of Duty account holders are young male adults who may not be security conscious, the hackers could have measurable success when they decide to send phishing emails.
Activision should improve security mechanism
Given this breach, security researchers have advised Activision to consider upgrading its security protocols. They should roll out awareness programs as well as access control training to implement unbeatable access control on their platform, Muldoon reiterated.
They should also partner with trusted security platforms that will offer a good support mechanism for end-users while balancing cost and risk.
Lead Systems engineer at Twipire, Dean Ferrando, also commented that although account details and personally identifiable information of account holders is necessary for the company, they are also a goldmine for malicious groups who will do everything to steal users’ account details.