Game developer Activision confirms that it suffered a data breach in December 2022. The threat actors gained access to the company’s internal systems by tricking an employee with an SMS phishing text.
The company declared that the incident has not compromised the games’ source code or player details.
What Did the Breach Reveal?
BleepingComputer reached out to Activision to gain more information on the breach. A spokesperson declared the following:
On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.
Activision Spokesperson (Source: BleepingComputer)
However, according to security research group vx-underground, the threat actor also “exfiltrated sensitive workplace documents” together with the content release schedule for 2023.
The researchers shared screenshots showing that during the cyberattack the threat actors gained access to an employee’s Slack account and tried to trick other employees into accessing malicious links.
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.
Activision did not tell anyone. activision breached happened
