On Sunday, the cybersecurity and malware research group vx-underground published screenshots of data purportedly stolen from Activision, including the schedule of planned content to be released for the popular first-person shooter Call of Duty. The publication of these screenshots raised concerns about a potential data breach at Activision.
Confirmation of Data Breach
On Monday, games blog Insider Gaming confirmed that a data breach had indeed occurred after obtaining "the entirety" of the stolen data, which was not published by vx-underground. According to the site, hackers stole employee information such as full names, emails, phone numbers, salaries, places of work, addresses, and more.
Activision’s Response
An Activision spokesperson, Joseph Christinat, released a statement addressing the situation: "The security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed."
vx-underground’s Findings
In a tweet, vx-underground wrote that Activision was breached on December 4, after hackers "successfully phished a privileged user on the network." The group also noted that the Threat Actor(s) attempted to phishing other employees, but those attempts were unsuccessful.
A Series of Hacks Against Video Game Companies
Activision is not the only video game company to fall victim to a data breach. In January, Riot Games disclosed a breach in which hackers accessed the company’s development environment, allowing them to steal source code for popular games like League of Legends and Teamfight Tactics.
Earlier in September, hackers published unreleased footage from the upcoming Grand Theft Auto VI. At the time, Rockstar Games admitted that hackers had been able to get their hands on "confidential information from our systems, including early development footage from the next Grand Theft Auto."
Hacking Group 0ktapus Targets Multiple Companies
Throughout 2022, a hacking group known as 0ktapus (or Scattered Spider) targeted at least 130 companies, according to cybersecurity firm Group-IB. The group gained notoriety for hacking the cloud communications company Twilio, which provides other companies with services such as sending automated text messages to their users.
Data Breach Details
The data breach at Activision raises concerns about the security of employee and player data. According to vx-underground, hackers stole employee information, including full names, emails, phone numbers, salaries, places of work, addresses, and more. However, it is unclear whether any sensitive employee or player data was accessed.
What You Can Do
If you have been affected by the Activision data breach, we encourage you to take steps to protect your personal information. This includes changing your passwords, monitoring your accounts for suspicious activity, and being cautious when receiving emails or messages from unknown sources.
Contact Us
If you have more information about this data breach, we would love to hear from you. You can contact us securely using Signal at +1 917 257 1382, Wickr, Telegram, and Wire @lorenzofb, or email lorenzo@techcrunch.com.
Additional Resources
For more information on the Activision data breach and other cybersecurity news, please visit our website. We will continue to provide updates as more information becomes available.
Related Stories
- Anduril to build its billion-dollar weapons megafactory in Ohio
- Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches
- Governments call for spyware regulations in UN Security Council meeting
Security News You May Have Missed
- PowerSchool data breach victims say hackers stole ‘all’ historical student and teacher data
- Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches
- Governments call for spyware regulations in UN Security Council meeting