Article Details

'Bad actor' hijacks Apex Legends characters in live matches. Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames. Respawn, the publisher of the still popular battle royale-hero shooter, issued a public statement about the security incident, assuring players that it hadn't been caused by an exploit or malware infection. The title continues to have a large user base, with an estimated half a million daily concurrent players across all platforms as of mid-2025. Players have started to report issues since at least Friday, stating that an external actor took control of their characters in-game and attempted to move them off the map. They also shared live gameplay feeds from sessions showing the weird behavior. On Saturday, Respawn acknowledged the problem and published a statement describing "an active security incident where a bad actor is able to control the inputs of another player remotely in Apex Legends." "Based on our initial investigation, we have not identified evidence that suggests the bad actors can install or execute code as in the case of an RCE or injection attack," the company reassured. As Respawn was looking for a solution, players continued to report disruptions, some of them as aggressive as clients being disconnected from servers, and game characters being hijacked. Based on their observations, a player concluded that "someone obtained administrative privileges" and had access to the server's debugging system with elevated privileges that allowed the use of an aimbot cheat and other exploits. Many reported that the nicknames of forcibly disconnected teammates were replaced with 'RSPN Admin'. Roughly six hours after acknowledging the situation, Respawn informed the community that it had resolved the incident, but did not share any additional information about what happened other than hinting that it was related to cheats. "Anti-Cheat is a constant cat-and-mouse game, and your reports are imperative to bringing information to our attention, including the one that helped us today," stated Respawn. BleepingComputer has contacted the game publisher to learn more about the incident, and we will update this post once we receive their response. Last year, Apex Legends players went through a disruptive incident at the North American competition, after hackers compromised players during the tournament matches. The incident forced Electronic Arts to postpone the finals and eroded the community’s trust in the title’s safety. 7 Security Best Practices for MCP As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe. This free cheat sheet outlines 7 best practices you can start using today.