Data stolen from game publisher Activision by unknown cybercriminals in an incident in December has been exposed on a popular dark web forum. There is no personal information of users among them.
Image source: activision.com
Activision confirmed the fact of the December 2022 hack a few days ago, and events began to unfold according to the worst-case scenario. The data, as the hackers themselves said, was stolen from an Activision instance in the Azure infrastructure CDN — it includes 20,000 records of the gaming giant’s employees: full names, email addresses, phone numbers, and office addresses. The information was not offered for sale but was made available to the public in a text file format.
The hack was carried out using a phishing campaign via SMS. It turned out that the victim of the attack was an employee of Activision’s human resources department, who gave the attackers data to access the company’s resources without realizing the consequences of his actions. Activision representative confirmed data leak, but stated that hackers had no access to “confidential employee data”, although an independent investigation denied this version and the information published by cybercriminals actually left no stone unturned.
Information about upcoming gaming products was also stolen as a result of the hack – Activision said it was not confidential. The company also assured that the attackers were unsuccessful in stealing players’ and customers’ data. However, the public release of Activision employees’ personal information can make their jobs significantly more difficult – we have to expect a whole wave of regular phishing attacks.
Add Comment