Respawn Entertainment, the studio behind the popular battle royale game Apex Legends, is actively investigating a serious security vulnerability. This flaw enabled an unauthorised individual to take remote control of players' characters during live matches, manipulating their movements and actions without consent.
How the Apex Legends Security Incident Unfolded
The gaming company confirmed the security issue on the social media platform X, formerly known as Twitter. Respawn stated it was developing a fix after identifying that a "bad actor" managed to remotely direct the inputs of other players. The suspicious activity came to light this week following multiple player reports of their characters performing actions independently.
In an official post on X, Respawn wrote: "We are aware of an active security incident where a bad actor is able to control the inputs of another player remotely in @PlayApex. Based on our initial investigation, we have not identified evidence that suggests the bad actors can install or execute code as in the case of an RCE or injection attack. We are actively working on a solution and will update you when we have more information."
The development team was able to mitigate the immediate threat within several hours of the initial reports. Shortly after, they shared a follow-up message confirming resolution: "Hey legends, This incident is now resolved with the help of our community. Anti-Cheat is a constant cat-and-mouse game and your reports are imperative to bringing information to our attention, including the one that helped us today. Thanks for your patience as our teams jumped to tackle and resolve this issue."
Player Accounts of the Remote Control Hack
Multiple Apex Legends users reported being victims of this alarming hack. A post on the game's Reddit forum appeared hours before Respawn's statement, detailing a similar attack. One user, 'Low_Woodpecker_6329', described a harrowing scenario where teammates were forcibly disconnected one by one, yet their in-game characters continued to play as if controlled by another entity.
The hijacked character's username was also changed, suggesting the hacker inserted themselves into the team. When the original player managed to reconnect, they regained control but found their character in a completely different location, proving it had been played during their absence. Other affected teammates, rejoining as spectators, reportedly witnessed similar incidents happening to other players across the map.
Another user on X, 'Juicyshmooves_', shared a similar report. Supporting accounts in the Reddit thread added that hijacked players would often run towards a specific character, a level 52 Bangalore with a username ending in "tryingPC"—the same suffix as the player who eliminated the hijacked teammates.
Respawn's Priority and the Road Ahead
This security breach represents a significant challenge for the competitive integrity of Apex Legends, which boasts a massive global player base. The development team is treating the ability for an outside party to override player controls as a top priority to protect the game's competitive environment.
While the quick fix has addressed the current exploit, Respawn is working on a permanent solution to prevent such occurrences in the future. This incident follows previous security challenges for the high-stakes shooter, highlighting the ongoing battle developers face against sophisticated hackers in the online gaming space. The studio's rapid response underscores its commitment to player safety, relying heavily on community reports to identify and neutralise threats swiftly.
