Hackers recently gained access to the internal networks of Activision Blizzard by using a phishing assault. Once inside, they disclosed some sensitive personal information as well as gaming data pertaining to the company’s workers. A screenshot that was shared on Twitter reveals that on December 4 of last year, hackers used a phishing attack to obtain a verification code from an Activision employee. With this code, the hackers were able to gain access to the employee’s Slack account and steal some internal files belonging to the company. As the individual in question worked in human resources, it follows that the hackers were able to get access to a significant quantity of sensitive information pertaining to other workers at the company. Hackers continued their attempts to deceive other workers into clicking on dangerous links, but thankfully, none of the other employees fell for their tricks.
According to the information that was leaked, the confidential files contain sensitive employee personal information such as names, email addresses, phone numbers, salaries, and work locations, in addition to the season update plan for Modern Warfare 2’s upcoming DLC’s, which includes information such as update times and contents. The information was leaked by a former employee. In addition, information on the planned downloadable content for “Modern Warfare 2,” “Call of Duty 2023,” (which was code-named Jupiter), and “Call of Duty 2024,” (which was code-named Cerberus), was discovered to have been compromised.
Activision is the company that created and published the first version of the “Call of Duty” first-person shooter video game series in 2003. To far, 19 official titles have been distributed as part of this series.
The primary development environment has not been compromised, as far as can be determined from the information that is presently available, and the information that was released about the game seems to consist mostly of marketing material that is not very relevant.
Activision has given the following comment in regards to this incident:
The protection of our data is of the utmost importance, and to that end, we have implemented stringent information security processes to guarantee its privacy.” On December 4, 2022, a member of our information security team rapidly responded to a phishing attempt that was made by SMS and quickly remedied the issue. After conducting an exhaustive investigation, we came to the conclusion that no critical employee data, game code, or player data had been obtained.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.