CoD Elite security risk: passwords sent as plain text

Activision is denying reports that passwords for its Call of Duty Elite service, run by Beachhead studios, are stored as plain text, without encryption - though the retrieval system seems to suggest otherwise.

After requesting that their password to be sent to them, several users have reported that the password for the multiplayer stat tracking service showed up in plain text format. This has led some to worry that their details could be easily accessed by hackers or other nefarious users.

When pressed for comment, Activision told Eurogamer: "All Call of Duty Elite personal data, including passwords are saved and stored using encryption."

"Call of Duty Elite does not store any sensitive data in plain text. Currently, the only time passwords are sent in plain text is upon request from the registrant and only to the registered email address."

Even if passwords are only being sent out in plain text once requested, this still represents a security risk. However, with this brought to the attention of the publisher and the public, Activision is now keen to do something about it.

"We are in the process of altering our password recovery procedure so that passwords are no longer delivered in plain text. That change will be implemented as soon as testing is completed."

Call of Duty Elite tracks statistics across several CoD titles, though has had intermittent service since it was began at the start of November. This was apparently due to unexpectedly high demand, which has peaked at over four million registrants and a million paying subscribers.