Hackers steal Activision games and employee data

Unknown hackers stole internal data from the games giant Activision.

On Sunday, the cybersecurity and malware research group vx-underground published screenshots of data purportedly stolen from Activision, including the schedule of planned content to be released for the popular first-person shooter Call of Duty.

On Monday, games blog Insider Gaming said it confirmed a data breach after obtaining “the entirety” of the stolen data, which was not published by vx-underground.

According to the site, hackers stole employee information such as “full names, emails, phone numbers, salaries, places of work, addresses, and more.”

TechCrunch has not been able to confirm the legitimacy of the published data or the details of the breach.

Activision spokesperson Joseph Christinat sent the following statement: “The security of our data is paramount, and we have comprehensive information security protocols in place to ensure its confidentiality. On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”

In a tweet, vx-underground wrote that Activision was breached on December 4, after hackers “successfully phished a privileged user on the network.”

“Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish. However, it appears they did not report the security incident to the Activision Information Security Team,” vx-underground wrote.

Activision is just the latest victim in a series of hacks against video game companies.

In January, Riot Games disclosed a breach in which hackers accessed the company’s “development environment,” allowing them to steal source code of the popular games League of Legends and Teamfight Tactics, as well as the source code for the company’s legacy anti-cheat system.

Earlier in September, hackers published unreleased footage from the upcoming and much anticipated Grand Theft Auto VI. At the time, the game-maker Rockstar Games admitted that hackers had been able to get their hands on “confidential information from our systems, including early development footage from the next Grand Theft Auto.”

And throughout 2022, a hacking group known as 0ktapus (or Scattered Spider) targeted at least 130 companies, according to cybersecurity firm Group-IB. The group gained notoriety for hacking the cloud communications company Twilio, which provides other companies services such as sending automated text messages to their users. Among the around 130 companies targeted there were several game makers, including Riot Games and Epic Games.

Do you have more information about this data breach? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.