Pierluigi Paganini
October 13, 2025
Video game software development firm Unity Technologies revealed that malicious code on its SpeedTree website skimmed sensitive information from hundreds of customers, impacting users who accessed the compromised site.
The company discovered on August 26, 2025, the presence of malicious code on the checkout page of its SpeedTree website since March 13, 2025. The code could capture customer data entered during purchases. After the discovery of the code the company launched an investigation, disabled the website, and removed the code.
“Our investigation determined that the incident involved an unauthorized code that had been added to the check-out page of the SpeedTree website around March 13, 2025. We promptly removed this code upon its discovery on August 26, 2025.” reads the data breach notification shared with the Maine Attorney General. “This unauthorized code potentially allowed an unauthorized individual to capture information entered during the checkout process on the SpeedTree product page.”
Customers who purchased from the SpeedTree website between March 13 and August 26, 2025, may have had data such as name, address, email, credit card number, and access code exposed due to malicious code active on the checkout page during that period.
According to the data breach notification letter, the total number of affected persons is 428.
In response to the incident, the company secured its network, reviewed affected files, notified impacted clients and authorities. Unity Technologies is offering 12 months of free credit monitoring and identity protection through Equifax to help safeguard affected individuals’ information.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Unity Technologies)
