Vx-underground, a cybersecurity and malware research group, has published screenshots of data purported to have been stolen from Activision, including a schedule of planned content to be released for the popular first-person shooter Call of Duty in the coming months. Insider Gaming, a games blog, announced on Monday that it had confirmed a data breach, after obtaining “the entirety” of the stolen data, which Vx-underground did not publish.
This site claims that hackers have stolen employee information, including their full names, emails, phone numbers, salaries, places of work, addresses, and other personal information. Activision spokesperson Joseph Christinat said, “the security of our data is paramount, and we have comprehensive information security protocols in place to ensure that it is kept confidential at all times.”. The information security team of our company swiftly addressed a phishing attempt that occurred on December 4, 2022, and promptly resolved it. As a result of a thorough investigation has determined that no sensitive employee information, game code, or player information has been accessed.” The group wrote that hackers “successfully phished a privileged user on the network” to breach Activision on December 4.
In addition, it should be noted that the Threat Actor also attempted to phish other company employees during his attack. Other employees did not fall victim to phishing and were not fooled by it. Despite this, they did not report the security incident to the Activision Information Security Team on time, as they should have. A series of hacking attacks have been perpetrated against video game companies in recent years. Unsurprisingly, Activision is the latest to fall victim to such an attack.
A hacker published unreleased Grand Theft Auto VI footage online in September last year. At the time, Rockstar Games admitted to stealing confidential information from our systems, including early development footage from the next Grand Theft Auto game, hacked by hackers. At least 130 companies have been targeted by 0ktapus or Scattered Spider during 2022, according to cybersecurity firm Group-IB. It was one of the members of this group who gained notoriety for the hacking of Twilio, a company that provides automated text messaging services to other companies. Among the 130 companies targeted, there were several game developers, including Riot Games and Epic Games.
A data breach at Activision was not notified to employees for months. It was not until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data as well as the hackers’ messages on Activision’s internal Slack channel, that this breach was revealed. However, the public wasn’t the only one caught off guard by the news of the breach. According to two current Activision employees who spoke anonymously because they were not permitted to speak to the press, Activision has yet to notify its employees of the data breach and whether their data has been stolen.