Activision, a giant in the video game industry, is investigating a hacking campaign targeting players in an attempt to steal their credentials, as reported by TechCrunch.
At this stage, the specific objectives of the hackers – apart from stealing passwords for various account types – are not clear. Somehow, the hackers manage to inject malicious software into victims' computers and then steal passwords for their gaming accounts and crypto wallets, among other things, according to sources.
An individual knowledgeable about the incidents, who requested to remain anonymous as they were not authorized to speak to the press, stated that people at Activision Blizzard are investigating, attempting "to help remove the malicious software" and "working on identifying and fixing affected players' accounts."
"There is still not enough data on how (the malicious software) spreads," the individual said. "It could be affecting only people who have third-party tools installed."
Contact
Do you know more about this breach? Or other hacking incidents related to video games? From a non-functioning device, you can securely contact Lorenzo Franceschi-Bicchierai on Signal on phone +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email. You can also contact TechCrunch through SecureDrop.
Activision spokesperson, Dillaney Simmons, told TechCrunch that the company is aware of "claims that certain players' credentials in the broader industry could be at risk from malicious software downloads or unauthorized software usage," and that the company's servers "remain secure and uncompromised."
It seems that the exposure of the malicious software campaign was first revealed by Zeebler, an individual who develops and sells cheats for the popular first-person shooter game Call of Duty. On Wednesday, on the official channel of the cheat provider PhantomOverlay, Zeebler stated that hackers are targeting gamers – some of whom use cheats – to steal their usernames and passwords.
Zeebler described the effort as a "data-stealing malware campaign," in which malicious software disguised as legitimate software installed without the victim's knowledge secretly steals their usernames and passwords.
Zeebler told TechCrunch that he discovered the breach when a PhantomOverlay customer had their account stolen for the cheat software. At that point, Zeebler added, he started investigating and managed to locate the stolen credentials database collected by the hackers.
Later, Zeebler said he reached out to Activision Blizzard as well as other cheat manufacturers that appear to have affected users.
TechCrunch obtained a sample of the seemingly stolen entries and verified that some of the data are authentic credentials. It is unclear how many or how recent the data are.
At this point, there is no reason to believe that regular players of Activision games are at risk, only those using third-party applications like cheats.
In any case, as Simmons of Activision told TechCrunch, users suspecting they may have been affected may change their passwords and enable two-factor authentication.
