Cyber Incident Victim: Activision Blizzard
Date:
Sep 2020
Location:
United States of America
Summary
Reports emerged that over 500,000 gaming accounts linked to Activision were potentially compromised, with credentials leaked publicly and account details altered to hinder recovery. The company denied any breach of its systems, stating investigations found no evidence of compromise, while security experts highlighted that such accounts are frequent targets for credential stuffing attacks due to password reuse across services. Affected players reported unauthorized access, with industry analysts noting stolen gaming credentials could facilitate further malicious activities like phishing campaigns.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 20, 2020, reports emerged alleging a security incident affecting Activision accounts tied to the Call of Duty franchise. The eSports publication Dexerto claimed a breach had occurred, with over 500,000 accounts potentially compromised. Publicly leaked credentials reportedly included login details, and attackers altered account information to obstruct legitimate owners from recovering access. Multiple gaming-related Twitter accounts amplified these claims, including @Okami from Respawnable, who validated the reports as legitimate and urged players to change passwords immediately. The incident primarily threatened players using Activision accounts for Call of Duty online services.
Activision issued a denial on September 22, asserting no compromise of its systems had occurred and labeling external reports as inaccurate. The company directed users to its support page for security guidance but did not implement two-factor authentication (2FA) as an account protection measure at the time. Security experts contextualized the situation, noting that credential stuffing—exploiting passwords reused from other breached services—likely explained many user-reported account takeovers. Javvad Malik of KnowBe4 highlighted the attractiveness of gaming accounts to attackers due to typically weak user security practices, while Tripwire's Dean Ferrando warned that compromised accounts could facilitate phishing campaigns or other secondary attacks. Despite Activision's denial, player complaints of unauthorized access persisted, underscoring the operational impact of credential reuse across unrelated platforms.