Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames.
Respawn, the publisher of the still popular battle royale-hero shooter, issued a public statement about the security incident, assuring players that it hadn't been caused by an exploit or malware infection.
The title continues to have a large user base, with an estimated half a million daily concurrent players across all platforms as of mid-2025.
Players have started to report issues since at least Friday, stating that an external actor took control of their characters in-game and attempted to move them off the map.
They also shared live gameplay feeds from sessions showing the weird behavior.
On Saturday, Respawn acknowledged the problem and published a statement describing "an active security incident where a bad actor is able to control the inputs of another player remotely in Apex Legends."
"Based on our initial investigation, we have not identified evidence that suggests the bad actors can install or execute code as in the case of an RCE or injection attack," the company reassured.
As Respawn was looking for a solution, players continued to report disruptions, some of them as aggressive as clients being disconnected from servers, and game characters being hijacked.
Based on their observations, a player concluded that "someone obtained administrative privileges" and had access to the server's debugging system with elevated privileges that allowed the use of an aimbot cheat and other exploits.
Many reported that the nicknames of forcibly disconnected teammates were replaced with 'RSPN Admin'.
... continue reading