Video game giant Activision is investigating a hacking campaign targeting gamers to steal their credentials, according to TechCrunch.
At this point, the specific goals of the hackers — other than stealing passwords for various types of accounts — are unclear. Somehow, the hackers get malware onto the victim’s computers and then steal passwords for their game accounts and crypto wallets, among other things, according to sources.
A person with knowledge of the incidents, who asked to remain anonymous because he was not authorized to speak to the press, said people at Activision Blizzard are investigating, trying to “help remove the malware” and “working to identify and remediate player accounts for anyone affected.”
“There is not enough evidence yet on how [the malware] it’s spreading,” the person said. “It could only affect people who have third-party tools installed.”
Contact us
Do you know more about this hack? Or other video game hacking incidents? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.
Activision spokesperson Delaney Simmons told TechCrunch that the company is aware of “allegations that some player credentials in the wider industry could be compromised by malware from downloading or using unauthorized software” and that the company’s servers “remain secure and uncompromising”.
The malware campaign appears to have been first uncovered by Zeebler, an individual who develops and sells cheat software for the popular first-person shooter Call of Duty. On Wednesday, on the official channel for cheat provider PhantomOverlay, Zeebler said hackers were targeting players — some using cheats — to steal usernames and passwords.
Zeebler described the effort as an “information-stealing malware campaign,” where malware designed as legitimate-looking software unknowingly installed by the victim secretly steals their usernames and passwords.
Zeebler told TechCrunch that he learned of the hacking campaign when a PhantomOverlay customer had his account hacked for the cheating software. At that point, Zeebler added, he started investigating and was able to find the database of stolen credentials the hackers were collecting.
After that, Zeebler said he contacted Activision Blizzard as well as other cheat makers whose users appear to be affected.
TechCrunch obtained a sample of the allegedly stolen credentials and verified that some of the data is genuine credentials. It is not clear how old or recent the data is.
At this point, there are no reasons to believe that regular Activision game players are at risk, only those using third-party apps such as cheats.
In any case, as Activision’s Simmons told TechCrunch, users who suspect they may have been compromised can change their password and turn on two-factor authentication.
