In a shocking turn of events, Activision has urgently taken Call of Duty: WWII offline for PC users following a severe hacker attack that exploited vulnerabilities in the game’s outdated peer-to-peer (P2P) matchmaking system. The breach allowed malicious actors to execute remote code execution (RCE) exploits, enabling them to take control of players’ computers during live multiplayer matches, sparking widespread chaos in the gaming community.
The vulnerability, rooted in the game’s P2P networking model, which directly connects players’ systems without a secure intermediary server, left PCs exposed to attacks.
Hackers leveraged this flaw to run arbitrary code, resulting in disruptive and alarming incidents. Reports flooded social media, with players describing their systems being hijacked mid-game — some faced forced PC shutdowns, others saw Notepad pop-ups with taunting messages, and in extreme cases, explicit content was displayed on secondary monitors.
Streamers, in particular, were targeted, with some attacks occurring live on air, amplifying the issue’s visibility.
For instance, a viral post by user @Wrioh75753 on July 3, 2025, warned, “I JUST GOT HACKED PLAYING WW2! EVERYONE DO NOT PLAY WW2 ON GAMEPASS!”
The timing of the attack is particularly notable, as Call of Duty: WWII, a 2017 title, had recently been added to Xbox and PC Game Pass on June 30, 2025, drawing a surge of new and returning players. Many assumed that a Game Pass release, backed by Microsoft’s ownership of Activision since 2023, would include updated security measures.
However, unlike other titles such as Black Ops III, which received security patches for its Game Pass debut, WWII appears to have been re-released without adequate protections, leaving it vulnerable to exploits that have plagued older Call of Duty games for years.
The P2P matchmaking system, considered archaic compared to modern dedicated server models, exposes players’ IP addresses and simplifies the injection of malicious code. The absence of Activision’s “Ricochet” anti-cheat system, introduced in 2019 with Call of Duty: Modern Warfare, further exacerbated the issue, as WWII predates this technology and lacks its kernel-level defenses.
Cybersecurity researchers have long warned about RCE vulnerabilities in older Call of Duty titles, but the scale of this incident — coinciding with the game’s Game Pass launch — has brought renewed scrutiny to the security of legacy games.
Activision has responded by pulling Call of Duty: WWII from the Microsoft Store, though the game remains available on Steam and through PC Game Pass. The company has issued a strong advisory urging players to avoid playing the game online until the vulnerability is patched. Ten Call of Duty titles, including WWII, were briefly taken offline for maintenance on July 7, 2025, but Activision has not confirmed whether this was directly related to the RCE exploits or provided a timeline for a fix.
The lack of clear communication has fueled frustration, with some players noting bizarre “calling cards” left by hackers, such as images of an Activision lawyer, interpreted as a mocking jab at the company’s focus on legal battles over anti-cheat enforcement rather than securing legacy titles.
Also read:
- AI That Pieces Your Day Together: Reclaim AI to the Rescue
- Turkey Blocks PancakeSwap and CryptoRadar, Citing Unauthorized Crypto Services
- Get Guaranteed Traffic From 1M+ Monthly Crypto Enthusiasts
The incident has sparked broader concerns about the safety of older games on modern platforms like Game Pass. Players and cybersecurity experts are calling for Activision and Microsoft to prioritize regular vulnerability assessments, transition to dedicated server architectures, and implement robust security updates for legacy titles.
Until a patch is released, players are strongly advised to avoid Call of Duty: WWII’s multiplayer mode on PC, disable inbound firewall rules related to the game, and ensure antivirus software is active.
For now, the WWII community remains on edge, awaiting answers and a secure return to the battlefield.
