Cybersecurity research group vx-underground previously reported that a high-ranking Activision official fell victim to an SMS-based phishing attack on December 4, 2023. After gaining access to her Slack account, the hackers managed to download a number of internal documents revealing an incomplete 2023 roadmap for Call of Duty games. The victim realized what had transpired after the attackers used her account to post an inflammatory message to one of the company's Slack channels, presumably after already stealing all of the internal data they could get their hands on, including employee contact information.
Activision did not disclose the breach publicly, and it also failed to do so internally, TechCrunch reports, citing anonymous accounts from two current staffers. One of them described the situation as problematic, positing that the company should have notified any employees whose data was compromised. According to the original report detailing the attack, this lack of communication was actually a two-way issue: the Activision official who fell for the scam was not the only staffer targeted by the attackers, but those who correctly identified the malicious SMS messages as phishing attempts also failed to report them to the company's security team. While there's no guarantee that reporting them would have prevented the data breach, the lack of reports likely inhibited Activision's response to the incident, which was ultimately only identified after the attackers revealed themselves voluntarily.
Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish. However, it appears they did not report the security incident to the Activision Information Security Team pic.twitter.com/24HDC9TNQK
— vx-underground (@vxunderground) February 20, 2023
Apart from vague product plans, the 2022 data breach reportedly compromised employee names, work email addresses, telephone numbers, and office locations. Activision determined no player data, game code, or "sensitive" employee information was leaked as a result of the attack, according to a company spokesperson. Their statement did not elaborate on the decision not to communicate the incident to the affected employees, possibly because the company was not legally obliged to do so. In terms of potential impact, this is far from the worst security breach that Activision suffered in recent history.
Game developers, especially Fortune 500 ones, remain a popular target among hackers. Mere weeks after the aforementioned incident, Riot Games fell victim to a much more serious attack that saw unknown actors exfiltrate uncompiled source code for a number of its games and internal tools. The studio subsequently refused to pay ransom for stolen League of Legends source code, having said as much in a recent update.
Source: https://gamerant.com/activision-employees-data-hacked-twitter/
"Activision Employees Learned Their Data Was Hacked from Twitter"