Activision Breached – A Smishing Scheme Went too Well
Big companies around the world are on high alert as cybercrime is spiking in terms of numbers and global spread. Well, they do have the right to do so, especially if they specialize in the gaming department. Lately, gaming companies have been the main targets for cybercriminals, and it seems like Activision is the latest victim.
About a month ago, Riot Games systems’ were breached due to a social engineering attack. Now, Activision faces the same predicament thanks to a well-crafted SMS phishing (Smishing) scheme.
A breach within a company as big as Activision is dangerous. One would wonder how much data the threat actors have been able to siphon. We’ll answer that in the following article.
Activision Breach – Data Exposed Sooner than Planned
As we mentioned, the bigger the company is, the more dangerous a breach will be. This is how cybercrime works.
Threat actors are always on the lookout for the perfect opportunity to strike. For example, the instant Twitter announced that it was shifting to premium subscriptions, cybercriminals started flooding the internet with phishing campaigns to utilize it.
The attack was contained, but who can contain a breach that involves one of the biggest gaming companies in the world – Activision?
The giant was the top United States publisher in 2016, with titles such as Call of Duty, Spyro, Crash Bandicoot, and more in its arsenal.
Now, the company confirmed that cybercriminals infiltrated their systems back in December 2022 and managed to harvest sensitive workplace documents as well as the company’s content release schedule until November 17, 2023.
“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it.
Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”
So, how did this happen? It all started with a Smishing attempt (SMS phishing) sent to an Activision employee.
According to security experts, with the credentials they obtained, they managed to gain access to the Slack account of the Activision employee on December 2.
Later on, they tried to scheme their way to various employees and convince them to click malicious links. The company claims that no sensitive employee data, game code, or player data was accessed. We have to wait and see how this one unfolds in the near future.
Activision Hit Hard – Data Ahead of Schedule
Threat actors are, without a doubt, upping their game when it comes to the techniques used to infiltrate systems.
Each time we hear of an incident, we see a different mechanism. Smishing is pretty common, but how they use it is what makes it effective.
If an Activision employee fell for this trick, what makes anyone else safe? Remember, never click on a link that you might find suspicious. Stay vigilant, stay safe.