Activision denies reports 500,000 Call of Duty accounts have been hacked

But wouldn’t it be nice if they offered 2FA?

Rumours have been spreading online for a couple of days that over 500,000 Activision accounts may have been hacked, and passwords stolen.

Some in the video gaming community claim to have seen “solid proof,” and advised players of games like Call of Duty to change their passwords immediately.

But there has been no confirmation of a security breach from the gaming giant itself. In fact, it has now issued a statement explicitly denying that any account compromise has taken place:

“Reports suggesting Activision Call of Duty accounts have been compromised are not accurate. We investigate all privacy concerns. As always we recommend that players take precautions to protect their online accounts, at all times. You will receive emails when major changes are made to your Call of Duty accounts. If you did not make these changes, please be sure to follow the steps provided.”

In addition, Activision pointed to a support page on its website which contains advice on how users can safeguard their accounts.

Unfortunately, there’s a notable omission on that list of advice: two-factor authentication (2FA) doesn’t get a mention, despite the fact that it’s an excellent way to harden the security of online accounts.

2FA can offer an additional layer of security if a bad guy does manage to determine your username and password. When they try to log into your account from an unrecognised device, a site’s 2FA check can request that a six-digit number is entered after the username and password. That number is typically generated by an app on your smartphone – a smartphone that your wannabe account hacker doesn’t have access to.

But there’s a very good reason why Activision doesn’t mention 2FA: they don’t support it.

Other popular game companies, such as Epic Games who make Fortnite, seem to have no problem offering 2FA so it’s a mystery to me why a company with the resources of Activision is not doing the same in 2020.

Even if Activision has not suffered a security breach (and let’s hope the company is right and they haven’t), strongly recommend that anyone who is reusing their Activision password anywhere else on the internet change it as soon as possible.

Reusing passwords is a recipe for disaster, as hackers will use a password breached in one place to break into other online accounts. Password reuse is one of the biggest mistakes you can make on the internet.

Always use unique passwords and (whenever available) enable two-factor authentication.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.