Activision Blizzard is suspected of leaking sensitive employee information and game data
Recently, hackers used a phishing attack to gain access to the internal systems of Activision Blizzard and leaked some sensitive personal information and game data of employees.
A screenshot shared by the Twitter account @vxunderground shows that on December 4th last year, hackers used a phishing attack to obtain a verification code from an Activision employee, gaining access to their Slack account and stealing some internal files of the company. The affected employee was from the human resources department, which means that the hackers were able to access a large amount of sensitive employee information. The hackers also continued to try to trick other employees into clicking on malicious links, but fortunately, no one else was fooled.
According to the exposed information, the confidential files include sensitive employee personal information such as names, email addresses, phone numbers, salaries, and work locations, as well as the season update plan for Modern Warfare 2’s upcoming DLC’s, such as update times and contents. In addition, plans related to the upcoming DLC of “Modern Warfare 2”, “Call of Duty 2023” (code-named Jupiter), and “Call of Duty 2024” (code-named Cerberus) were also leaked.
“Call of Duty” is a first-person shooter game series originally developed and released by Activision in 2003. The series has released 19 official titles so far.
According to the currently known information, the leaked game information is mostly marketing material that is not particularly important, and the key development environment has not been affected.
Regarding this incident, Activision issued the following statement:
“The security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”