Activision, the major video game publisher, has confirmed that it experienced a data breach in December 2022, whereby hackers were able to gain entry into the company's internal systems using SMS phishing. Fortunately, Activision states that no sensitive employee data, game code, or player data was accessed, and that the incident was resolved quickly after their information security team addressed an SMS phishing attempt.
However, security research group vx-underground suggests that the hackers exfiltrated sensitive workplace documents, along with content release schedules until November 17, 2023. The hackers gained access to the Slack account of an Activision employee on December 2 and then attempted to trick other employees into clicking on malicious links. The employee was from the Human Resources department and had access to a significant amount of sensitive employee data.
Insider Gaming, a video game publication, has analyzed the entire leak and reported that the data cache contains full names, email addresses, phone numbers, salaries, work locations, and other employee details. Additionally, the publication listed all the game title-related content revealed by the breach, including upcoming content bundles for the Call of Duty Modern Warfare II franchise.
It is important to note that the leaked data is likely to be outdated since the breach occurred in December 2022. Furthermore, BleepingComputer, who had no access to the leaked data, has stated that the game information shared online was based on marketing materials, and that the development environment was not affected by the breach.
Overall, the breach serves as a reminder of the importance of employee awareness and education when it comes to phishing attempts, as well as the need for companies to prioritize and implement robust cybersecurity measures to protect sensitive data. David Maynor, Senior Director of Threat Intelligence at Cybrary, weighed in on the incident and how it was handled by Activision:
“There is no one ‘SOP’ for breaches. This timeline shows a typical public reaction to a breach. Some entity, in this case VX-Underground, notices something on a market and tells the world about it. Reporters that follow VX-Underground use it as a tip and suddenly the victim's switchboard/email server gets loaded with requests for comment.
There is also the fog of war effect where different people have different parts of a puzzle and make assumptions. This leads to different hot takes contradicting each other.
From the trial last year of the Uber CISO, Joseph Sullivan, we know that big corps can handle breaches differently. What I can say from personal experience is that the responses to questions as well as public statements are approved by, if not written by, a crisis communications team. The default response is deescalate, deflect, then deny. This is why the infosec community values technically insightful Root Cause Analysis (RCA) from a victim.”