Activision confirms data breach exposing employee and gaming information

Activision confirmed it suffered a data breach in early December 2022 after hackers gained access to the company’s internal systems by tricking an employee with a phishing text message.

The video game maker says the incident did not compromise the game’s source code or player details.

“On December 4, 2022, our Information Security team promptly addressed a text message phishing attempt and quickly resolved it. After a thorough investigation, we determined that no sensitive employee data, game code or player data had been accessed,” a company spokesperson told BleepingComputer. .

However, security research group vx-underground claims the threat actor “exfiltrated sensitive workplace documents” along with the content release schedule until November 17, 2023.

Screenshots shared by researchers show that hackers gained access to an Activision employee’s Slack account on December 2 and attempted to trick other employees into clicking on malicious links.


Video game publication “Insider Gaming” has obtained and analyzed the entire leak, reports that the cache contains full names, email addresses, phone numbers, salaries, work locations, and other employee details.

Additionally, the publication claims that the hacked employee belonged to the HR department and had access to swathes of sensitive employee details.

‘Insider-Gaming’ has list all content related to the game’s title revealed by this breach, which includes upcoming content packs for the “Call of Duty Modern Warfare II” franchise.

Given that the breach occurred in December 2022, some information obtained by Activision may now appear outdated.

BleepingComputer did not have access to the leaked data, but we learned that game information shared online was based on marketing materials and the development environment was unaffected by the breach.


Source link