Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Activision Confirms Data Breach Exposing Employee and Game Info

Activision has confirmed that it suffered a data breach in early December 2022 after attackers gained access to the company’s internal systems by tricking an employee with an SMS phishing text. The video game maker says that the incident has not compromised game source code or player details. “On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” a company spokesperson told reporters. However, security research group vx-underground says that the threat actor “exfiltrated sensitive work place documents” along with the content release schedule until November 17, 2023. Screenshots shared by the researchers show that the hackers had gained access to the Slack account of an Activision employee on December 2 and tried to trick other employees into clicking malicious links. Video game publication ‘Insider Gaming’ has obtained and analyzed the entire leak, reporting that the cache contains full names, email addresses, phone numbers, salaries, work locations, and other employee details. Moreover, the publication claims that the hacked employee was from the Human Resources department and had access to swaths of sensitive employee details. ‘Insider-Gaming’ has listed all the game title-related content revealed by this breach, which includes upcoming content bundles for the ‘Call of Duty Modern Warfare II’ franchise. Since the breach occurred in December 2022, some information obtained from Activision is likely to appear outdated now.

Analyst Notes

Advise employees not to open links arriving in unexpected SMS messages. If a business sends an unexpected text, look up their number online and call them back to verify if they sent the message. Suspicious links should only be opened in a controlled, safe environment, such as a resettable virtual machine image. That way, if the link points to malicious code, it won’t execute on a device that contains sensitive information.

https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/