Hackers Leak Data Allegedly Stolen in Activision Breach

Hackers have started leaking data allegedly stolen in a December breach of gaming giant Activision, including employee information that can be used in social engineering attacks.

Last week, malware research group vx-underground broke the news that Activision had suffered a breach in December after the phishing of a “privileged user” on the company’s network.

A company spokesperson later confirmed the incident to enquiring news sites, blaming it on an inattentive employee who fell for a phishing scheme by phone – a smishing attack.

“Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” the spokesperson said at the time.

Industry news outlet Insider Gaming told a slightly different story. After an exchange with vx-underground, the site reported that the attackers got their hands on sensitive employee data, in addition to leaked plans for the future of Activision’s massively popular Call of Duty franchise.

“They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023,” vx-underground told the outlet.

Now, a recent entry to the Breached hacking forum suggests that’s exactly what happened.

Originally revealed Monday by FalconDeedsio, a forum user identified as CVE_2022_30190 claims to be offering “19,444 unique records of employee info, dumped in December 5th 2022.

According to a less-redacted screenshot by BleepingComputer, the leak allegedly contains the names, phone numbers, job titles, locations and emails of the employees concerned.

Credit: BleepingComputer

The forum poster also seems eager to point out that the data makes for a great asset in social engineering attacks, such as phishing.

The veracity of the data has yet to be confirmed. Nonetheless, Activision staffers might want to err on the safe side and keep close tabs on their digital lives for the time being.

Phishing attacks use many different avenues to reach victims, but all leave telltale signs that someone is after your personal or financial data.

Activision has yet to issue a formal data breach notice regarding this incident.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.