Activision finally confirms it did suffer a serious data breach

Activision
(Image credit: Future)

Game publishing giant Activision has confirmed suffering a data breach late last year. 

Despite playing down the seriousness of the importance, many in the media, as well as the underground hacking community, are claiming the breach was serious.

The news broke on Twitter, where cybersecurity researchers vx-underground shared screenshots of stolen data and messages posted by the hackers on Activision’s Slack workspaces. The data was apparently stolen in early December last year, after an Activision employee got their credentials phished, and as a result, the threat actors took internal employee data, and some game data, from company endpoints

Downplaying the incident

Activision spokesperson, Joseph Christinat, responded to the news by sharing a statement claiming the company “swiftly” responded to a smishing attack, and “quickly resolved it”. The same statement claims the threat actors did not access any sensitive employee data, game code, or player data. 

But vx-underground begs to differ. The files the group shared with TechCrunch shown full employee names, phone numbers, corporate email addresses, and in some cases even postal addresses for their offices. All important information that can be used in identity theft and social engineering attacks.

While the media didn’t outright say it, they hint that Activision tried to hide the data breach. It occurred almost three months ago, yet its employees were also oblivious to the fact. Two current employees spoke to TechCrunch, confirming that this is a problem

“If there is employee’s information involved, they should have disclosed the breach,” one of the employees told the publication.

Activision is one of the world’s biggest game publishers, having published the likes of World of Warcraft, or Call of Duty

The company is currently working on an acquisition deal with Microsoft, with the latter allegedly agreeing to buy the company out for $68.7 billion. However, regulators in different jurisdictions have opposed the deal, the media said.

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.