Activision Admits Data Breach Exposing Employee And Game Info

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Feb 21, 2023 02:29 pm PST

Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The video game company says the incident hasn’t exposed player information or game source code.

“On December 4, 2022, our information security team quickly dealt with an SMS phishing attempt. After a thorough investigation, we found that no sensitive employee information, game code, or player information had been accessed, “a company representative said.

But vx-underground, a security research group, says that the threat actor “exfiltrated sensitive workplace documents” and the schedule for content releases until November 17, 2023. The researchers shared screenshots showing that the hackers got into an Activision employee’s Slack account on December 2 and tried to get other employees to click on malicious links.

Insider Gaming, a video game magazine, has looked at the whole leak and found that it includes full names, email addresses, phone numbers, salaries, work locations, and other information about employees.

The article also says that the employee who was hacked worked in Human Resources and had access to a lot of sensitive employee information.

Insider-Gaming has made a list of all the information about game titles that were revealed by this breach. This includes information about upcoming content bundles for the “Call of Duty: Modern Warfare II” series.

Since the breach happened in December 2022, some of the information that Activision got from it is probably no longer accurate. The game information that was shared online came from marketing materials, and the breach did not affect the development environment.


Activision has confirmed that there was a data breach in early December 2022. Hackers got into the company’s systems by getting a worker to open an SMS phishing message. In the video, the crippled shaper says that the incident hasn’t hurt crippled root codification aliases subordinate details. “On December 4, 2022, our accusation information squad responded quickly to an SMS phishing attempt and ended it quickly.

After a thorough investigation, we hoped that no sensitive worker information, crippled code, or information about subordinates was accessed. But information investigation group vx-underground says that the nan threat character “exfiltrated sensitive activity spot documents” on pinch nan contented merchandise scheduled until November 17, 2023. Screenshots that researchers shared show that the hackers got into a worker’s Slack account on December 2 and tried to trick other workers into clicking on malicious links.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
February 22, 2023 3:07 pm

“With increasing data breaches, we have learnt over time that openness is the safest approach to staff, customers and branding in the wake of a cyberattack. Furthermore, staff should never be accused of a successful intrusion, and it remains vital that organisations are up front from the outset. Covering up the extent of a breach will only ever end in disastrous tones overshadowing a company in share price and in current times it is often inevitable that an attack will be attempted.

Those affected in this breach should have been contacted immediately due to the dangers in exposure of email addresses and other information which could lead to convincing phishing campaigns masquerading as genuine organisations. Whilst companies must also consider better staff cybersecurity training, anyone affected by this breach should be extremely cautious of any new communications that requests further information, personal, financial or otherwise. At the same time, no amount of security awareness training will be enough to completely stop such attack attempts as the attackers only need to dupe one person in the company – that’s why organisations of this size need to have security monitoring teams (EDR, SOC, or at least some MSP) that can identify incidents in a timely manner and react swiftly.”

Last edited 6 months ago by Jake Moore
Teppo Halonen
Teppo Halonen , Vice President, EMEA
InfoSec Expert
February 22, 2023 2:50 pm

“Over the past twelve months we’ve seen cybercriminals set their sights on the gaming industry, and Activision appears to be the latest in a growing line of victims. Gaming today relies on cloud technology, to help users play anywhere in the world – meaning more devices, more users, and a larger attack surface. So, whether attackers are going after stolen source code from unreleased games or customers’ personal information – with such a huge user base, there are massive amounts of sensitive data at risk.”

“Following other recent attacks like those on Bandai Namco and Rockstar Games, publishers must be able to identify cybercriminal behaviour and alert security teams before an attack becomes a breach. With attackers now able to bypass prevention, circumvent signatures, infiltrate, blend in, and progress laterally inside and around an organisation – this ‘unknown threat’ is the most significant risk facing games publishers today.”

“Security teams need less, through better signal clarity. Signal clarity is the difference between time spent maintaining signatures, detection rules and triaging alerts and time spent investigating and responding to attacks. Ultimately, by identifying the signs of an attack in progress – and stopping it in its trackers – analysts can significantly lower business risk.”

Last edited 6 months ago by Teppo.Halonen

Recent Posts

Would love your thoughts, please comment.x