Security breaches are happening more frequently than any of us anticipated. Last week, Activision confirmed that it got hit by a cyberattack that led to a huge breach within its systems. Unfortunately, now, this attack has come back to haunt them as the stolen data has been posted online.
With a small Smishing (SMS phishing) trick, the threat actors were able to access the American game publisher’s systems back in December 2022. Now, data belonging to 10K+ employees has been shared on a hacking forum.
Not only that, but the threat actor is encouraging phishing attacks with this data, and that could be dangerous considering the number of accounts they’ve posted. Here’s what we know about this incident.
The Activision Breach – The Data is Out
Recently, gaming companies have been under attack by numerous cybercriminals around the world. Their “Big Names” play a huge role in this, and so does the amount of sensitive information they hold.
Threat actors are not targeting small gaming companies. They’re just going after the ones they can actually benefit from.
Of course, this doesn’t only concern the gaming industry. Even cable providers like Dish have had their fair share of similar breaches.
Activision’s data breach happened in December 2022 but was confirmed only a week ago. Now, the threat actor behind the attack has posted the allegedly stolen data on the Breached hacking forum.
According to the post, those who wish to get the file will have access to 19,444 unique records of Activision employees containing the following:
- Full names.
- Phone numbers.
- Job titles.
- Email addresses.
The entire attack started with a successful Smishing attack that targeted one of the employees. Once the credentials were stolen, the threat actor was able to harvest the company’s data. A company spokesperson explained the incident in this statement:
“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it.
Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”
Activision did confirm the breach, but it also stated that neither the game source code nor player details had been compromised.
If, and only if, some details about the upcoming game were part of the leak, Activision is not worried, as it had already made them part of its public marketing materials.
Regardless, the breach is huge, which led the company to perform a thorough internal investigation. Luckily, no sensitive employee data is part of the harvested data.
Huge Leak, Limited Critical Information
Having the information posted like this on a hacking forum makes it accessible to many people online. While the company states that no sensitive information is included, the leak does contain email addresses.
In other words, employees might be targeted with phishing campaigns in the near future. We hope it doesn’t get to that, but we can’t deny the possibilities.