If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Activision denies storing Call of Duty Elite passwords in plain text

But promises to change password recovery procedure.

Activision has denied storing Call of Duty Elite passwords in plain text - but has admitted emailing them to customers in plain text form when they ask to recover them.

We were sent our Call of Duty Elite password in plain text form in an email after asking the PlayStation 3 and Xbox 360 stat tracking and social platform to retrieve it. The email is below.

This suggests Activision either stores player passwords on its servers in plain text format or in some retrievable version - and that if hackers were to find a way inside Activision's servers, they could use them.

But Activision insisted it encrypts all customer data.

"All Call of Duty Elite personal data, including passwords are saved and stored using encryption," Activision told Eurogamer.

"Call of Duty Elite does not store any sensitive data in plain text. Currently, the only time passwords are sent in plain text is upon request from the registrant and only to the registered email address."

Most companies that store information use one-way encryption software that ensures they never actually know what their customer passwords are.

Now, Activision has promised to stop sending passwords in plan text. "We are in the process of altering our password recovery procedure so that passwords are no longer delivered in plain text," the company continued. "That change will be implemented as soon as testing is completed."

One million people pay for the premium subscription to Call of Duty Elite, which costs £35 a year. But over four million have registered.

"Password management is the bane of the IT security administrator," Robert Siciliano, CEO of IDTheftSecurity.com, told Eurogamer.

"But it doesn't need to be. Systems where the users email is used to send a password change request that requires the user to enter a new password is much more effective and secure than transmitting an unencrypted plain text password via email."

You're not signed in!

Create your ReedPop ID & unlock community features and much, much more!

Create account
About the Author
Wesley Yin-Poole avatar

Wesley Yin-Poole

Deputy Editorial Director

Wesley is deputy editorial director of ReedPop. He likes news, interviews, and more news. He also likes Street Fighter more than anyone can get him to shut up about it.

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Explore our store
Eurogamer.net Merch