Gaming giant Activision Blizzard allegedly suffered a data breach in early December 2022 in which hackers stole sensitive information associated with Activision’s upcoming games and its employees.
Details about the data breach were revealed on Sunday by vx-underground, a cybersecurity and malware research group and Twitter user, which published screenshots of data supposedly stolen from Activision, including the content timelines for the popular first-person shooter “Call of Duty” (CoD) for the year 2023.
vx-underground tweeted that Activision was breached on December 4th, 2022 after the threat actors “successfully phished a privileged user on the network.” As per the screenshots, the hackers had gained access to the Slack account of an Activision employee.
The threat actors also “exfiltrated sensitive workplace documents” along with the content release schedule until November 17, 2023.
“Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish. However, it appears they did not report the security incident to the Activision Information Security Team,” vx-underground added.
The legitimacy of the above data breach was also confirmed by the video games blog Insider Gaming, which managed to obtain and analyze the entirety of the data breach.
According to their report, the stolen data contains plans for Modern Warfare 2’s upcoming DLCs, Call of Duty 2023 (codenamed Jupiter), and Call of Duty 2024 (codenamed Cerberus), as well as sensitive employee information.
Further, the sensitive employee information obtained includes “full names, emails, phone numbers, salaries, places of work, and more”.
Apparently, the hacked computer belonged to an employee of the Human Resources (HR) department who inadvertently provided the hacker access to private internal information, says Insider Gaming.
In response to the above claims, Activision acknowledged the data breach that occurred in December 2022 but denied that any employee data, game source code or player details had been accessed.
“The security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it,” an Activision spokesperson said in a statement to Insider Gaming.
“Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”
Video game companies have been the recent targets of data breaches. Last month, the American gaming giant Riot Games confirmed that threat actors targeted it in an unexpected social engineering attack where the game company’s developer environment was compromised.
The threat actors also exfiltrated the source code of the popular games League of Legends (LoL) and Teamfight Tactics (TFT), as well as its “legacy” anti-cheat platform.