A threat actor leaked, on the Breached hacking forum, data allegedly stolen from the gaming giant Activision in December 2022.
The threat actors claim to have obtained 19,444 unique records from an Activision Azure database and are offering the data for free. The leaked data contains names, phone numbers, job titles, locations, and email addresses of Activision employees.
Activision disclosed the data breach on February 21, 2023, adding that the incident took place in December 2022. According to the company, threat actors obtained the credentials of an HR employee through a smishing attack.
“The security of our data is paramount and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it.” a company spokesperson told Bitdefender. “Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”
The Bitdefender post highlights that screenshots shared by vx-underground researchers show that the threat actor tried to phish several more employees, who were not tricked into providing their credentials.
“Unfortunately, the same people failed to inform Activision’s security department about the attempted hack.” states the post.
While Activision pointed out that no sensitive employee data, game code, or player data was compromised as a result of the incident, the website Insider Gaming reported the exposure of sensitive employee details.
The availability of Activision employees’ data in the cybercrime ecosystem exposes them to social engineering attacks.