Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The video game company says the incident hasn’t exposed player information or game source code.
“On December 4, 2022, our information security team quickly dealt with an SMS phishing attempt. After a thorough investigation, we found that no sensitive employee information, game code, or player information had been accessed, “a company representative said.
But vx-underground, a security research group, says that the threat actor “exfiltrated sensitive workplace documents” and the schedule for content releases until November 17, 2023. The researchers shared screenshots showing that the hackers got into an Activision employee’s Slack account on December 2 and tried to get other employees to click on malicious links.
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.
— vx-underground (@vxunderground) February 20, 2023
Activision did not tell anyone. pic.twitter.com/urD64iIlC5
Insider Gaming, a video game magazine, has looked at the whole leak and found that it includes full names, email addresses, phone numbers, salaries, work locations, and other information about employees.
The article also says that the employee who was hacked worked in Human Resources and had access to a lot of sensitive employee information.
Insider-Gaming has made a list of all the information about game titles that were revealed by this breach. This includes information about upcoming content bundles for the “Call of Duty: Modern Warfare II” series.
Since the breach happened in December 2022, some of the information that Activision got from it is probably no longer accurate. The game information that was shared online came from marketing materials, and the breach did not affect the development environment.
Conclusion
Activision has confirmed that there was a data breach in early December 2022. Hackers got into the company’s systems by getting a worker to open an SMS phishing message. In the video, the crippled shaper says that the incident hasn’t hurt crippled root codification aliases subordinate details. “On December 4, 2022, our accusation information squad responded quickly to an SMS phishing attempt and ended it quickly.
After a thorough investigation, we hoped that no sensitive worker information, crippled code, or information about subordinates was accessed. But information investigation group vx-underground says that the nan threat character “exfiltrated sensitive activity spot documents” on pinch nan contented merchandise scheduled until November 17, 2023. Screenshots that researchers shared show that the hackers got into a worker’s Slack account on December 2 and tried to trick other workers into clicking on malicious links.