A threat actor has posted data about alleged data stolen from US game publisher Activision in December 2022 on a hacking forum, highlighting the value of data for phishing operations.

In a forum post on the Breached hacking forum, a website used by threat actors to sell and post stolen data, hackers claim to have stolen data from the Activision Azure database.

The leaked data consists of 19,444 unique records containing the full names, phone numbers, job titles, locations and email addresses of alleged Activision employees. The dump is offered free of charge to all forum members in a text file.

The forum post was first spotted by threat intelligence platform FalconFeedsio, which flagged the potential data leak. on Twitter.

On February 21, 2023, Activision confirmed that it suffered a data breach in early December 2022 after hackers tricked an HR employee into smishing his credentials.

“On December 4, 2022, our Information Security team promptly addressed a text message phishing attempt and quickly resolved it. After a thorough investigation, we determined that no sensitive employee data, game code or player data had been accessed,” a company spokesperson said. says BleepingComputer.

At the time, the video game maker assured that the incident did not compromise the game’s source code or player details and told BleepingComputer that all leaked details about the upcoming game’s content already did. part of public marketing materials.

Additionally, Activision said that after conducting a thorough internal investigation, it determined that the intruders did not steal any sensitive employee data.

This contrasted with media claims, such as Insider gamewho reviewed the stolen data, reporting that it contained sensitive employee details that matched what was leaked today.

Appearing the employee database on a forum makes it widely accessible to a wider audience, including a very popular forum used by threat actors, increasing the chances of Activision employees being targeted through phishing and social engineering attacks.

BleepingComputer has contacted Activision about allegedly leaked employee data, and we’ll update this message as soon as we receive a response.