Activision confirmed a data breach in early December 2022, revealing that hackers used SMS phishing to gain access to the company’s internal systems via an employee. The breach did not affect player details or game source code, as confirmed by the video game maker. The SMS phishing attempt was promptly resolved by Activision’s information security team on December 4, 2022.
However, security research group vx-underground discovered that sensitive workplace documents and the content release schedule up to November 17, 2023, were obtained by the threat actor. Screenshots shared by the researchers showed that the hackers infiltrated an Activision employee’s Slack account on December 2 and tried to deceive other employees by providing them with malicious links.
Video game publication ‘Insider Gaming’ has obtained and analyzed the entire leak, and their report reveals that the cache contains extensive employee details, including full names, email addresses, phone numbers, salaries, and work locations.
According to the publication, the breached employee was from the Human Resources department and had access to a appreciable amount of sensitive employee information.
Furthermore, ‘Insider-Gaming’ has compiled a list of game title-related content that was exposed by the breach, which includes upcoming content bundles for the ‘Call of Duty Modern Warfare II franchise.
It is worth noting that the breach occurred in December 2022, and some of the information obtained by Activision may be outdated by now.
