


500,000 Activision accounts 'hacked' — or were they really?


Rumors have been buzzing around the online gaming world that game publisher Activision has suffered a massive data breach. But the truth is likely to be less dramatic. Instead, this seems to be an example of reused passwords coming back to bite gamers in their digital butts.

"Over 500,000 Activision accounts have reportedly been hacked in a new Activision data breach," reported gaming website Dexerto.com yesterday (Sept. 21), saying Call of Duty players were being hit especially hard.


The site added that attackers (there's probably no actual hacking involved) were "changing the account details, making it so the original owners can't recover them."

But later that day, Activision Support's Twitter account posted a statement that "reports suggesting Activision Call of Duty accounts have been compromised are not accurate."


"We recommend that players take precaution to protect their Activision accounts, as well as any online accounts, at all times," the statement added.

The Activision tweet linked to a support page that advised Activision account holders to "use a strong password," "do not use passwords you've used for other accounts" and "do not share account details or credentials," among other tips.

This is why you shouldn't reuse passwords

Read between the lines, and you can see what Activision is getting at. These account takeovers are probably happening because Call of Duty players are reusing passwords that have already been used for other accounts on other sites, and some of those sites may have indeed suffered real data breaches.

If you reuse passwords, then your accounts are vulnerable to credential stuffing. That's when attackers hammer websites with long lists of usernames and passwords harvested from data breaches, phishing attacks and other forms of digital leakage. If a set of stolen credentials works on one site, it likely will on several others, the reasoning goes.

This is the main reason why you should never reuse passwords for sensitive accounts, and why it's best to go with one of the best password managers to keep all your long, unique, hard-to-remember passwords straight.

If you have an Activision account and you know you've used the password somewhere else, then you need to change those passwords on both (or more) accounts. Make sure the passwords you end up with are all only used once.
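On the site operator's side, the credential stuffing described above leaves a recognizable trace in login logs: one source tries many different usernames in a short time and almost all attempts fail. The following is an added example, not part of the original article; the log tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (epoch_seconds, source_ip, username, success).
# IPs come from the documentation ranges; usernames are made up.
EVENTS = (
    # One source walking a credential list: 12 accounts in 22 seconds, one hit.
    [(1000 + 2 * i, "203.0.113.7", f"player{i}", i == 6) for i in range(12)]
    # An ordinary user mistyping a password twice, then getting in.
    + [(1005, "198.51.100.20", "alice", False),
       (1020, "198.51.100.20", "alice", False),
       (1040, "198.51.100.20", "alice", True)]
)

def flag_stuffing(events, window=300, min_users=5, max_success_ratio=0.2):
    """Return {source_ip: [accounts it logged into]} for sources that look
    like credential stuffing.

    A source is flagged when, inside any sliding window of `window` seconds,
    it tried at least `min_users` distinct usernames and at most
    `max_success_ratio` of those attempts succeeded. The thresholds are
    illustrative assumptions, not tuned values.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` s.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            users = {u for _, u, _ in win}
            ratio = sum(ok for _, _, ok in win) / len(win)
            if len(users) >= min_users and ratio <= max_success_ratio:
                # Every account this source got into needs a forced reset.
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

if __name__ == "__main__":
    print(flag_stuffing(EVENTS))
```

The accounts listed for a flagged source are the ones where a reused password actually worked, so they are the ones to lock and reset first.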

One thing that would make this whole problem go away

But as security blogger Graham Cluley pointed out, Activision left out one detail that would go a long way toward protecting even those accounts with reused passwords: two-factor authentication (2FA).

That's because Activision doesn't offer 2FA, which is too bad. Anyone trying to break into an account with 2FA activated would need more than just the username and password.

"When they try to log into your account from an unrecognised device, a site's 2FA check can request that a six-digit number is entered after the username and password," Cluley wrote. "That number is typically generated by an app on your smartphone — a smartphone that your wannabe account hacker doesn't have access to."

Or that number, which can also be four digits, can be texted to your phone by the service you're trying to log into. Or you can have a physical security key that plugs into a USB port on your computer or can be tapped against the back of your phone to serve as the "second factor" alongside your password.
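The app-generated six-digit number described above is usually a time-based one-time password (TOTP, RFC 6238). The following is an added example, not part of the original article and not any vendor's code, showing how a site could generate and check such a code; the `verify` helper, its one-step clock-skew allowance and its replay check are assumptions made for illustration, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # the six-digit code the article describes

# Shared secret from the RFC 6238 test vectors; a real deployment generates
# a random secret per account and shows it to the user's app once.
RFC_TEST_SECRET = b"12345678901234567890"

def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """Return the TOTP (HMAC-SHA1) code for the time step containing `at`."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, at: float,
           last_used_step: int = -1, drift: int = 1):
    """Check a submitted code; return the matching time step or None.

    Accepts codes from `drift` steps either side of `at` to tolerate clock
    skew, and refuses any step at or before `last_used_step` so a code that
    was observed once cannot be replayed (hypothetical policy for this
    example).
    """
    now_step = int(at) // STEP
    for step in range(now_step - drift, now_step + drift + 1):
        if step <= last_used_step:
            continue
        expected = totp(secret, step * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return step
    return None

if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print(code, verify(RFC_TEST_SECRET, code, 59))
    # A correct password with a guessed code still fails the second factor.
    print(verify(RFC_TEST_SECRET, "000000", 59))
```

The caller stores the returned step as `last_used_step` for that account after a successful login.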

Cluley pointed out that other game publishers, such as Fortnite maker Epic Games, do offer 2FA. So do hundreds of other online services, including Apple, Dropbox, Facebook, Google, Microsoft, Twitter and, as of last week, Zoom.

Of course, it's still possible that Activision is covering its own digital butt and has in fact really suffered a data breach. But it's much more likely that these account takeovers are the result of password reuse. Activision should accept that there's always going to be some level of password reuse among its users and offer them 2FA as a remedy.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/activision-account-takeovers

Posted by: widemanwhibelf.blogspot.com
