Activision’s troubled gaming service, Call of Duty Elite, has been sending out password reminders to its users in plain text.
Activision either stores player passwords on its servers in plain text or in some retrievable form, which would expose the information to hackers who found their way into the servers, according to a Eurogamer report.
Activision has insisted in a statement that: “All Call of Duty Elite personal data, including passwords are saved and stored using encryption.” It went on to say that “Call of Duty Elite does not store any sensitive data in plain text. Currently, the only time passwords are sent in plain text is upon request from the registrant and only to the registered email address.”
Most companies avoid emailing passwords in plain text, as it presents far more risk than sending a password change request. Robert Siciliano, chief executive of IDTheftSecurity.com, explains: “systems where the user’s email is used to send a password change request that requires the user to enter a new password is much more effective and secure than transmitting an unencrypted plain text password via email.”
Activision has now responded to this issue, and promised to stop sending out passwords in plain text format. It is currently altering and testing its password recovery procedure to ensure passwords are no longer delivered in plain text — thus making the process more secure.
Earlier this year, Sony found itself in extremely hot water when the PlayStation Network was hacked. The incident allowed hackers to steal customer passwords and credit card details because the data was not properly encrypted. This resulted in a lengthy outage for the service, and prompted Sony to beef up its network security.
Call of Duty Elite hit more than one million paid subscribers in six days following its launch on Nov. 8, but the service struggled to cope with this initial demand. Activision is now reporting that Call of Duty Elite has been stabilized, and although there are plenty of fixes still to come, users are now able to access the service and engage with it.