Hackers Steal Upcoming Games, Employee Data In Activision Data Breach

Gaming giant Activision Blizzard allegedly suffered a data breach in early December 2022 where hackers stole sensitive information associated to Activisionโ€™s upcoming games and its employees.

Details about the data breach were revealed by cybersecurity and malware research group and Twitter user vx-underground on Sunday whoย published screenshotsย of data supposedly stolen from Activision, including the content timelines for the popular first-person shooter โ€œCall of Dutyโ€ (CoD) for the year 2023.

vx-underground tweeted that Activision was breached on December 4th, 2022 after the threat actors โ€œsuccessfully phished a privileged user on the network.โ€ As per the screenshots, the hackers had gained access to the Slack account of an Activision employee.

The threat actors also “exfiltrated sensitive workplace documents” along with the content release schedule until November 17, 2023.

โ€œAlso worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish. However, it appears they did not report the security incident to the Activision Information Security Team,โ€ vx-underground added.

The legitimacy of the above data breach was also confirmed by the video games blog Insider Gaming, which managed to obtain and analyze the entirety of the data breach.

According to their report, the data stolen contains plans for Modern Warfare 2โ€™s upcoming DLCโ€™s, Call of Duty 2023 (Codenamed Jupiter), and Call of Duty 2024 (Codenamed Cerberus), as well as sensitive employee information.

Further, the sensitive employee information obtained includes โ€œfull names, emails, phone numbers, salaries, places of work, and moreโ€.

Apparently, the hacked computer belonged to an employee of the Human Resources (HR) department who inadvertently provided the hacker access to private internal information, says Insider Gaming.

In response to the above claims, although Activision acknowledged the data breach that occurred inย Decemberย 2022, it denied that no employee data, game source code or player details had been accessed.

โ€œThe security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it,โ€ an Activision spokesperson said in a statement to Insider Gaming.

“Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”

Video game companies have been the recent targets of data breaches. Last month, the American gaming giant Riot Games confirmed that threat actors targeted it in an unexpected social engineering attack where the game companyโ€™s developer environment was compromised.

The threat actors also exfiltrated the source code of the popular games, League of Legends (LoL) and Teamfight Tactics (TFT), as well as its โ€œlegacyโ€ anti-cheat platform.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post