IntSights comment on Activision account hack
September 2020 by Etay Maor, CSO at IntSights
The comment by Etay Maor, CSO at IntSights on 500,000 Activision accounts reportedly being hacked, mostly belonging to players of the popular game, Call of Duty:
“Online gaming has been a target of attackers for a several years now, with World of Warcraft, Zynga and Nintendo being just some of the big names that have been previously targeted. While in some games the accounts themselves can be monetized after the compromise, (for example when WoW was targeted, high ranking characters and special weapons could be sold to the highest bidder) in many cases the breaches are a result of credential stuffing attacks and the creation of a service specific username/password database.
These types of attacks use known email/password databases to check if users have reused their passwords on the gaming platform. If they have – the attackers can easily create a database of compromised accounts.
Users need to make sure they do not reuse passwords as even a strong password, once reused, becomes a security risk. In addition, users should always opt for additional security checks offered by the game such as two factor authentication. The gaming platform should provide these security features as well as use technologies such as CAPTCHA (to stop automated credential stuffing) and basic security checks such as device ID.”