Heimdal
article featured image

Contents:

Game developer Activision confirms that it suffered a data breach in December 2022. The threat actors gained access to the company’s internal systems by tricking an employee with an SMS phishing text.

The company declared that the incident has not compromised the games’ source code or player details.

What Did the Breach Reveal?

BleepingComputer reached out to Activision to gain more information on the breach. A spokesperson declared the following:

On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.

Activision Spokesperson (Source: BleepingComputer)

However, according to security research group vx-underground, the threat actor also “exfiltrated sensitive workplace documents” together with the content release schedule for 2023.

The researchers shared screenshots showing that during the cyberattack the threat actors gained access to an employee’s Slack account and tried to trick other employees into accessing malicious links.

Video game publication Insider Gaming obtained and analyzed the entire leak, showing that the cache contained full names, phone numbers, email addresses, work locations, salaries, and other sensitive information of the Activision employees. Insider Gaming also claims that the employee hacked was part of the Human Resources department and had access to a large amount of employee details.

BleepingComputer had no access to the leaked data but has learned that the information on games shared online was based on marketing materials. Fortunately, the development environment was not affected by the breach.

Game Developers and Publishers, Targeted More Often

Leaks on game developers have become increasingly popular recently. Popular or highly anticipated games are heavily targeted by threat actors to demand ransomware from the publishers or just to leak materials on the Internet in hope of speeding up the releases. A highly covered incident occurred last year, when Rockstar Games and its parent company, Take-Two Interactive, had footage leaked of one of the most anticipated games ever to release, GTA VI.

A more recent incident involved League of Legends developer, Riot Games, which fell for a social engineering attack, leading to threat actors demanding $10 million to not release the sensitive information they got a hold on.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE