Activision has confirmed that it suffered a data breach in early December 2022 after hackers gained access to the company’s internal systems by tricking an employee with an SMS phishing text.
The video game maker says that the incident has not compromised game source code or player details.
“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” a company spokesperson told BleepingComputer.
However, security research group vx-underground says that the threat actor “exfiltrated sensitive work place documents” along with the content release schedule until November 17, 2023.
Screenshots shared by the researchers show that the hackers had gained access to the Slack account of an Activision employee on December 2 and tried to trick other employees into clicking malicious links.
Video game publication ‘Insider Gaming’ has obtained and analyzed the entire leak, reporting that the cache contains full names, email addresses, phone numbers, salaries, work locations, and other employee details.
Moreover, the publication claims that the hacked employee was from the Human Resources department and had access to swaths of sensitive employee details.
‘Insider-Gaming’ has listed all the game title-related content revealed by this breach, which includes upcoming content bundles for the ‘Call of Duty Modern Warfare II’ franchise.
Since the breach occurred in December 2022, some information obtained by Activision is likely to appear outdated now.
BleepingComputer had no access to the leaked data but we learned that that the game information shared online was based on marketing materials and the development environment was not affected by the breach.