Activision has acknowledged that a data breach occurred in early December 2022 as a result of hackers tricking an employee with an SMS phishing text in order to access the company’s internal systems. According to the video game developer, neither player information nor the game’s source code was affected by the event.
“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” a company spokesperson said to one of the leading media houses.
According to security research firm vx-underground, the threat actor “exfiltrated sensitive work place documents,” along with the content release schedule through November 17, 2023. The screenshots provided by the researchers reveal that hackers got access to one Activision employee’s Slack account on December 2 and had attempted to lure other staff members into clicking potentially harmful links.
The video game publication “Insider Gaming” reported that the whole cache of employee information contains full names, email addresses, phone numbers, incomes, offices, and other information. The publication further asserts that the hacked worker was from the human resources division and had access to a wide range of private employee information.
Future DLC packages for the “Call of Duty Modern Warfare II” series are among the game titles-related information disclosed by this leak that has been noted by “Insider-Gaming.” Considering that the hack happened in December 2022, some of the info Activision was able to collect may be out of date right now. The media was not given access to the leaked information. Still, it has been discovered that the online game information was based on marketing materials and that the production environment was not compromised.