>
Data stolen by hackers from top game publisher Activision is now available for download on a popular dark web forum.
The breach, which took place in December 2022, was confirmed by the video game publisher a few days ago. Now it seems that the worst-case scenario has become a reality.
The data, which the hackers claim was stolen from Activision’s copy of the content delivery network (CDN) Azure, apparently contains nearly 20,000 records of employee information, including full names, email addresses, phone numbers and office addresses.
Conflicting messages
Instead of being sold for a price, the data here is provided free of charge to all users of the forum, in the form of a text file. Threat seekers FalconFeedsio were the first to report the message Twitter (opens in new tab).
The first hack was achieved via a text message phishing campaign – also known as smishing – that victimized a company HR employee, giving away company credentials that allowed access to the endpoints.
An Activision spokesperson confirmed the breach Beeping computer (opens in new tab) that “no sensitive employee data” had been accessed, although cybersecurity researchers vx-underground, who discovered the incident, found this to be untrue, as they were aware of the stolen data and messages posted by the hackers on Activision’s Slack workspaces that showed the opposite.
Now the hacker’s forum post seems to confirm this beyond any doubt. Activision has yet to respond in light of their actions.
Other data stolen in the hack included data on upcoming games, though Activision said this was not sensitive and, at best, only related to marketing materials that were already in the public domain.
Actvision also assured that player and customer data will remain safe and not involved in the hack. Since there was no mention of this in the hacker’s post, it seems that this is indeed true.
The free availability of employee data could mean that employees will be bombarded with other malicious campaigns in the future, such as further phishing attacks and identity theft.