The Microsoft Store and Game Pass version of the 2017 shooter has been shelved for now while Activision scrambles to slap on a patch. The company vaguely blamed “reports of an issue” last week without bothering to mention that several players were getting digitally mugged mid-game.

TechCrunch spoke to a source who confirmed that the title was pulled because of the exploit.

This version of the game was based on older code that hadn’t been patched like the Steam release. Predictably, Activision didn’t answer any of the multiple requests for comment.

Players had already raised the alarm on social media. One Reddit user warned, “The game is not safe to play on PC right now, there’s an RCE exploit.”

For those not fluent in infosec lingo, that’s a bug that lets hackers slip in and run code remotely, often planting malware that gives them full control of the device.

According to Activision’s status page, the Microsoft Store and Game Pass release is still offline. The Steam version, which had patched the vulnerability, is apparently safe.

Activision has been having a bit of a hacking problem lately. In November 2024, someone poked a hole in the anti-cheat software and used it to ban thousands of legit players. Earlier the same year, infostealer malware targeted players directly. And in 2023, hackers exploited an ancient unpatched bug in Call of Duty: Modern Warfare to spread a computer worm.

Some in the gaming world have responded to these threats by beefing up their cybersecurity. Activision, naturally, opted to cut jobs including some from its own cybersecurity teams. Maybe not the wisest move given the company’s knack for leaving back doors wide open.