iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Video game publisher Activision suffered an apparent hack last year that saw employee accounts compromised and important development roadmaps exfiltrated.
Malware tracking site vx-underground reported that the attack took place on 4 December 2022 and that the company has so far stayed quiet about it.
In a tweet posted this week, vx-underground shared screenshots of what looks to be a spreadsheet marking out important dates for rolling out content for its Modern Warfare 2 title, with landmark releases through to October this year. For instance, the document shows that season six of the game will run between 15 September and 18 November 2023 and that a range of new content will be released for the season, including new operators, weapons, and maps.
The tweet also shows the phishing attempt that apparently gave the unknown threat actor access to Activision’s network, as well as a malicious post in one of the company’s slack channels. The hacker apparently used SMS phishing, pretending to send employment review details to Activision employees, though vx-underground does note that it appears some employees did not fall for the attack.
“Activision was breached December 4th, 2022,” the first tweet read. “The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive workplace documents as well as scheduled to-be-released content dating to November 17th, 2023.”
“Activision did not tell anyone,” it added.
However, some of the dates in the leaked spreadsheet do not match the current dates that Activision has released for its upcoming content. According to Insider Gaming, the leaked files were passed on to vx-underground after the hacker was unable to sell the data. The whole package reportedly includes personal details of a number of Activision employees, accessed via a human resources officer who fell victim to the phishing attempt.
Activision has acknowledged the hack, however, after releasing a statement yesterday (21 February).
“The security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality,” the statement read. “On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”
Activision’s statement seems to contradict that of some sources reporting that personal details – including salaries and email addresses – were leaked. However, Activision does not seem to have filed any breach notices recently – though it must be noted that only a handful of US states actively report such breaches.
We’ll continue to monitor this situation.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
