Yesterday a number of reports flew up about an alleged data breach affecting Activision's servers and up to 500,000 Call of Duty accounts.
It all seemed very frightening, with a lot of information floating around from various sources and no verification. Activision has now broken radio silence and officially denied that the breach ever happened, but is urging players to secure their accounts nonetheless.
It all started early yesterday when a few Twitter accounts known for news leaks, rumors and other gaming related content, sometimes with a focus on Call of Duty, warned players about an on-going hack compromising hundreds of thousands of accounts. Log-in details were allegedly posted publicly, and the hackers were using automated scripts to generate 1,000 new, blank accounts every minute.
Yeah, it's legit guys. Change your Activision account passwords and add 2FA immediately.
— Okami (@Okami13_) September 21, 2020
Though multiple Twitter accounts reported this breach, subtweeting one another and claiming to have seen "solid proof", no party actually showed off this proof. Despite the scale of the rumored attack, there was no actual signs of it happening, nor any official response from the publisher.
This changed recently, when Activision released a statement also via Twitter indicating that the reports were incorrect.
— Activision Support (@ATVIAssist) September 22, 2020
The official stance is that no data breach ever occurred in the first place, but for the sake of safety, every player is urged to secure their account. Log-ins, account changes and suspicious activity always results in automatic email notifications being sent out, with "all privacy concerns" being investigated. You can secure your account with 2 factor authentication, and change your password frequently to avoid unauthorized access.
Had the hack been real, it would have had greater ramifications since Call of Duty accounts can be linked with other services, this one breach could affect multiple accounts and games, especially if you use the same password for various services.
At the end of the day, even if it was a false alarm, it's a good reminder to change your passwords regularly.