Activision Details

    Organization Logo

    Activision

    Santa Monica, CA17000 employees • Arts, Entertainment, and Recreation

    Industry

    Arts, Entertainment, and Recreation

    Security Incidents

    1

    Security Incidents

    Activision Breach of Dec 2022
    Severity Score
    Significant to High

    Type

    Phishing Attack

    Summary

    In December 2022, video game publisher Activision experienced a data breach due to an SMS phishing attack targeting one of its employees. The attacker gained access to sensitive employee information, including full names, email addresses, phone numbers, salaries, and work locations. Additionally, future content plans for the Call of Duty Modern Warfare II franchise were accessed. The extent of the breach came to light in February 2023 when cybersecurity group vx-underground shared screenshots of the stolen data and internal Slack messages.

    Despite initial claims by Activision that no sensitiv...
    Show more

    Severity

    In December 2022, Activision faced a cyberattack where hackers used an SMS phishing technique to gain access to the company's internal network. The attacker compromised an HR employee's account, resulting in the exfiltration of sensitive workplace documents, including full names, email addresses, phone numbers, salaries, and work locations of employees. While Activision claimed that no game source code or player data was breached, the leak did include content release schedules and potentially exposed internal communication channels like Slack.

    Given the breach involved sensitive employee data...
    Show more

    Impact

    The social engineering attack on Activision in December 2022 involved phishing employees via SMS to gain access to the company's network. This breach resulted in the exposure of sensitive employee data, including full names, email addresses, phone numbers, salaries, and work locations. However, game source code, player data, and critical game development information were reportedly not compromised.

    Despite initial denials of significant data exposure, further analysis by cybersecurity researchers revealed that the attackers accessed an HR employee's Slack account, granting them a broader scop...
    Show more