On the hacker forum Breached data was published, and it is very possible that it was stolen from the American game publisher Activision. Attackers emphasize that this information can be valuable for phishing operations.
By the way, we wrote that Cyberpunk 2077 patch 1.2 release postponed due to attack on CD Projekt Red, and also that HelloKitty ransomware was behind hacking of CD Projekt Red.Let me remind you that last week, Activision reported a security breach that occurred in early December 2022. It turned out that hackers gained access to one of the company’s internal Slack channels and stole data, and the incident became publicly known only thanks to a report by information security experts and publications in the media.
So, VX-underground specialists published on Twitter a number of edited screenshots received directly from the attackers. The screenshots, dated December 4, 2022, showcase Activision’s confidential working papers related to the Call of Duty franchise, as well as the content release schedule for the coming year, through November 17.
The researchers reported that the hack was carried out due to a successful phishing attack on one of the company’s employees. After that, the hackers penetrated the Activision Slack channel, and also tried to compromise other employees, but no one else fell for phishing. At the same time, Vx-underground emphasized that Activision generally kept silent about this attack.
As a result, company representatives were forced to confirm the fact of hacking, but assured that the incident did not affect the source codes of the games and the personal data of the players.
As Bleeping Computer now reports, a message has appeared on the Breached hack forum from hackers who claim that they are the ones who hacked Activision. The publicly released dump contains 19,444 unique entries, including full names, phone numbers, job titles, locations, and email addresses of company employees.
Interestingly, Activision previously stated that after a thorough internal investigation, it was possible to establish that the attackers did not steal confidential employee data.
At the same time, Insider Gaming wrote that it analyzed this leak in its entirety, and among the stolen information there are full names, email addresses, phone numbers, salaries and other employee data. Moreover, according to journalists, the Activision employee compromised by hackers works in the personnel department and generally had access to a large amount of confidential data.