Activision Pulls Call of Duty: WWII from Microsoft Store After Players Hacked

Activision has been forced to take down the Microsoft Store version of Call of Duty: WWII after players began reporting serious cybersecurity incidents tied to the game’s PC build. The 2017 title, recently relaunched on Game Pass, was exploited by malicious actors who used a previously undisclosed flaw to gain remote access to players’ machines, leading to a rare but impactful shutdown of a major online game.

The takedown highlights growing concerns in the gaming industry about client-side vulnerabilities, supply chain risks, and the consequences of understaffed cybersecurity teams at major studios.


Activision’s Statement and Action

While Activision has not released detailed technical findings, the company confirmed in a brief announcement that it had “temporarily disabled access to the Microsoft Store build of Call of Duty: WWII to investigate a security vulnerability impacting some players on PC.”

The vulnerability reportedly allowed attackers to use compromised lobbies or peer-to-peer game traffic to deliver malicious payloads, potentially leveraging code injection or DLL sideloading techniques commonly seen in game hacking and modding communities.


Technical Breakdown: Possible Exploit Vectors

Based on independent research and prior case patterns in multiplayer gaming environments, several likely vectors are being investigated by the cybersecurity community:


1. Remote Code Execution via Modded Lobbies

Mechanism: Attackers may have hosted or injected into custom game lobbies where malicious scripts or modified game logic could be pushed to connected clients.
Risk: Once a player joined, arbitrary code could be executed locally under the same privileges as the game process.


2. DLL Injection via Game Mod Loaders

Mechanism: The PC version may have lacked proper signature verification or binary integrity checks, allowing attackers to inject custom DLLs that executed upon game launch.
Risk: These DLLs could serve as backdoors or dropper payloads for larger malware frameworks.


3. Peer-to-Peer (P2P) Packet Exploits

Mechanism: Older versions of CoD games use P2P networking for multiplayer. An attacker could send crafted UDP packets that triggered buffer overflows or memory corruption in the game’s network handling code.
Risk: Exploits could hijack client memory, allowing attackers to execute code or crash systems remotely.
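
As an added illustration of the bug class described for P2P traffic (not code from the game or from Activision), the receiver below validates an attacker-controlled length field before copying. The three-byte header layout and every name in it are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not the game's real protocol):
 * byte 0 = message type, bytes 1-2 = payload length (big-endian), then payload. */
#define HDR_LEN     3u
#define MAX_PAYLOAD 256u

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LARGE, PARSE_LEN_MISMATCH };

struct p2p_msg {
    uint8_t  type;
    uint16_t len;
    uint8_t  payload[MAX_PAYLOAD];
};

/* Parse one datagram from an untrusted peer. The unsafe pattern this replaces
 * copies `claimed` bytes into payload[] without comparing it to anything. */
enum parse_status parse_p2p(const uint8_t *dgram, size_t dgram_len, struct p2p_msg *out)
{
    if (dgram == NULL || out == NULL || dgram_len < HDR_LEN)
        return PARSE_TRUNCATED;

    uint16_t claimed = (uint16_t)((dgram[1] << 8) | dgram[2]);

    /* Check 1: the claimed length must fit the fixed destination buffer. */
    if (claimed > MAX_PAYLOAD)
        return PARSE_TOO_LARGE;
    /* Check 2: it must match the bytes actually received after the header,
     * otherwise the copy would read past the end of the datagram. */
    if ((size_t)claimed != dgram_len - HDR_LEN)
        return PARSE_LEN_MISMATCH;

    out->type = dgram[0];
    out->len = claimed;
    memcpy(out->payload, dgram + HDR_LEN, claimed);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample datagrams: one well-formed, one with an inflated length. */
    const uint8_t good[] = { 0x01, 0x00, 0x02, 0xAA, 0xBB };
    const uint8_t bad[]  = { 0x01, 0xFF, 0xFF, 0xAA };
    struct p2p_msg m;
    printf("good=%d bad=%d\n", (int)parse_p2p(good, sizeof good, &m), (int)parse_p2p(bad, sizeof bad, &m));
    return 0;
}
```

Rejected datagrams are worth counting per peer, since a burst of length mismatches from one address is a useful detection signal.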


4. Supply Chain Misconfiguration

Mechanism: The version distributed via Microsoft Store/Game Pass might have had unpatched legacy libraries or a misconfigured update pipeline.
Risk: Attackers could abuse overlooked dependencies (e.g., outdated DirectX components or input libraries) to trigger local privilege escalation or code execution.


Impact and Industry Fallout

The issue is particularly sensitive given that the title was newly added to Microsoft Game Pass, putting it in front of thousands of unsuspecting players—many of whom may not have enabled robust endpoint protections.

“This is a textbook example of why legacy titles need just as much security investment as live-service games,” said a former developer on Activision’s anti-cheat team.


Activision’s Security History and Response

The incident comes at a time when Activision has faced multiple rounds of layoffs, some of which impacted its cybersecurity and anti-cheat divisions. Industry insiders report that several experienced infosec engineers were cut in early 2024 as part of cost-reduction efforts.

By contrast, other publishers such as Riot Games, Ubisoft, and Epic Games have ramped up internal cybersecurity hiring, threat modeling, and real-time telemetry systems in response to a rise in targeted game-based exploits.


What Happens Next?

  • The Microsoft Store version of CoD: WWII remains offline pending investigation.
  • No confirmation yet if players will receive security patches or credit for downtime.
  • Activision is expected to publish a CVE bulletin or threat advisory if the issue involves system-level risk.

Key Lessons for the Gaming Industry

  • Legacy code must be actively audited before being redistributed.
  • Peer-to-peer multiplayer networking is inherently risky in 2025.
  • Layoffs affecting security staff can have long-term operational consequences.

If confirmed, this will be one of the few known instances where a triple-A video game has been delisted due to real-world cyberattacks on its player base.