Activision has confirmed that a cybersecurity incident occurred in December 2022, but did not provide details about the alleged data breach.
The Call of Duty developers released the following statement to the media: or accessed player data. ”
But on Monday, security researchers at vx-underground claimed on Twitter that a phishing incident had successfully compromised privileged users on the gaming giant’s network.
“They stole highly sensitive workplace documents and content scheduled for release on November 17, 2023.” Added. “Activision didn’t tell anyone”
another report from insider game Confirming the veracity of vx-underground’s findings, the compromised content included not only Call of Duty 2023 and Call of Duty 2024 “plans”, but also full names, emails, phone numbers, salaries, places of work, etc. It also claimed to contain confidential employee information.
If Activision did not notify its employees about the incident, as vx-underground claims, it may have violated California’s breach notification rules, depending on the number of victims affected by the breach.
“It is also worth noting that the attackers attempted to phish other employees,” added vx-underground in another Twitter post. “Other employees did not fall for phishing, but they do not appear to report security incidents to Activision’s information security team.”
The news comes at a delicate time for the California game developer, who is in the process of being acquired by Microsoft for around $69 billion, despite US, UK and EU regulators expressing concerns about the deal. brought.
Image credit: David Cardinez / Shutterstock.com
