Stolen Activision data now freely available on hacking forum

News
By Lewis Maddison
published

December 2022 Activision breach takes an even darker turn

Data Breach
(Image credit: Shutterstock)

Data stolen from top gaming publisher Activision by hackers has now appeared for download on a popular dark web forum.

The breach, which occurred in December 2022, was confirmed by the videogame publisher several days ago. Now, it looks as if the worst case scenario has become reality.

The data, which the hackers claim was stolen from Activision's instance of the content delivery network (CDN) Azure, apparently includes nearly 20,000 records of employee details, including full names, email addresses, phone numbers and office addresses.  

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Contradicting reports

Rather than being sold for a price, the data here is being offered for free to all users of the forum, in the form of a text file. Threat finders FalconFeedsio were the first to report the post on Twitter.

read more

> Riot Games delays game patches following security breach

> Top gaming companies hit by major data breach, one million employees affected

> These mods for popular online game Dota 2 contain malware

The initial hack was achieved via an SMS phishing campaign - AKA smishing - to which an HR employee at the firm fell victim, giving away company credentials that allowed for access to its endpoints.

In confirming the breach, an Activision spokesperson told BleepingComputer that "no sensitive employee data" was accessed, although cybersecurity researchers vx-underground, who uncovered the incident, found this to be untrue, as they were privy to the stolen data and messages posted by the hackers on Activision’s Slack workspaces that showed otherwise.

Now the hacker's forum post appears to confirm this beyond doubt. Activision is yet to respond in light of their actions.

Other data stolen in the hack included that related to upcoming games, although Activision said this was not sensitive and at best only related to marketing materials already in the public domain.

Activision also assured that player and customer data remains safe and was not included in the hack. Since no mention of this was made in the hacker's post, it seems as if this is indeed true. 

The free availability of employee data could mean the future bombardment of employees with other malicious campaigns, such as further phishing attacks and identity theft.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. 

His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.