Cyber Incident Victim: Blizzard Entertainment

On September 20, 2020, reports emerged alleging a security incident affecting Activision accounts primarily used by Call of Duty players. The eSports publication Dexerto claimed over 500,000 accounts had been compromised, with attackers publicly leaking login credentials and altering account details to obstruct legitimate owners' recovery efforts. Gaming industry figures, including Respawnable founder @Okami, corroborated these claims via social media, urging players to change passwords immediately. The incident gained widespread attention through gaming communities and cybersecurity news outlets by September 21. Activision issued a formal denial on September 22, asserting no evidence of system compromise and labeling breach reports inaccurate. The company directed users to general account protection guidelines on its support page but did not implement specific incident-related notifications or password resets for affected users.

The reported compromise exposed credentials that could enable unauthorized access to game progress, purchased content, and personal information associated with Activision accounts. Security experts cited credential stuffing—exploiting passwords reused from other breached services—as the probable attack vector. KnowBe4's Javvad Malik noted gaming accounts' inherent appeal to attackers due to users' frequent neglect of security measures during account creation. Tripwire's Dean Ferrando highlighted the value of compromised gaming accounts for facilitating secondary attacks through phishing or malware distribution. Multiple gamers reported unauthorized account access despite Activision's denial, with the absence of two-factor authentication (2FA) options cited as a compounding risk factor. The incident underscored persistent challenges in securing gaming platforms where high user volumes intersect with lax password hygiene practices.