Game publishing giant Activision has confirmed suffering a data breach late last year.
Despite playing down the seriousness of the importance, many in the media, as well as the underground hacking community, are claiming the breach was serious.
The news broke on Twitter, where cybersecurity researchers vx-underground shared screenshots of stolen data and messages posted by the hackers on Activision’s Slack workspaces. The data was apparently stolen in early December last year, after an Activision employee got their credentials phished, and as a result, the threat actors took internal employee data, and some game data, from company endpoints (opens in new tab).
Downplaying the incident
Activision spokesperson, Joseph Christinat, responded to the news by sharing a statement claiming the company “swiftly” responded to a smishing attack, and “quickly resolved it”. The same statement claims the threat actors did not access any sensitive employee data, game code, or player data.
But vx-underground begs to differ. The files the group shared with TechCrunch shown full employee names, phone numbers, corporate email addresses, and in some cases even postal addresses for their offices. All important information that can be used in identity theft and social engineering attacks.
> Activision Blizzard acquisition is 'in the best interest of gamers', says Xbox boss (opens in new tab)
> This lawsuit could stop Microsoft from acquiring Activision Blizzard (opens in new tab)
> These are the best firewalls around (opens in new tab)
While the media didn’t outright say it, they hint that Activision tried to hide the data breach. It occurred almost three months ago, yet its employees were also oblivious to the fact. Two current employees spoke to TechCrunch, confirming that this is a problem
“If there is employee’s information involved, they should have disclosed the breach,” one of the employees told the publication.
Activision is one of the world’s biggest game publishers, having published the likes of World of Warcraft, or Call of Duty.
The company is currently working on an acquisition deal with Microsoft, with the latter allegedly agreeing to buy the company out for $68.7 billion. However, regulators in different jurisdictions have opposed the deal, the media said.
- These are the best malware removal tools (opens in new tab) right now
Via: TechCrunch (opens in new tab)