hacks

Activision employee data published on the Internet after cyber intrusion

18 2 minutes read

Last week, Call of Duty maker Activision confirmed that it suffered a security breach in December 2022. According to information published by a third-party with knowledge of the attack, SMS phishing was used to gain access to the system of an Activision employee.

SMS Phishing, or short smishing, is usually used in targeted attacks against individual users. The attacker managed to obtain two-factor verification codes from the targeted employee to breach the system and obtain the data.

Some documents, copied during the attack, were published by the third-party on Twitter as verification for the claim. Insider Gaming obtained a copy of the entire data dump and confirmed that information about existing and upcoming Call of Duty games was found in the files.

According to the posted information, Activision plans to release a new DLC for Modern Warfare 2 and two Call of Duty games in the coming two years.

The leak included employee information as well. According to Insider Gaming, data included “full names, emails, phone numbers, salaries, places of work, and more” of thousands of Activision employees.

Activision published a statement in response last week in which the company claimed that “no sensitive employee data, game code, or player data was accessed” by the threat actor in the December 2022 breach. Activision refuted the claim that sensitive employee information was copied by the threat actor.

via FalconFeedsio

Now, cyber criminals have published employee data in an underground Internet forum. According to the information, 19444 unique records of employee is included in the file that is publicly available on the forum. They further note that the data is “great for phishing”.

The text file has a size of less than 5 Megabytes. Many of the included records are incomplete. For most, only an email address and name is provided. For others, job titles, departments, phone numbers and other information is also available.

Core Activision employee data appears to be included the most. For the majority, names, email addresses and positions are listed. For some, location information and phone numbers are also listed in the dump.

Name and email are sufficient for targeted phishing campaigns. A quick check on LinkedIn confirmed the validity of the information. Searches for a sample of employee names on LinkedIn returned them as employees of Activision or partners.

An IT security researcher published a screenshot of the underground forum post on Twitter. The data includes email addresses, names, phone numbers and other employee-specific data. Threat actors could use the information for targeted phishing campaigns to gain access to other Activision systems.

Activision has not responded yet to the leak on the underground forum.

Thank you for being a Ghacks reader. The post Activision employee data published on the Internet after cyber intrusion appeared first on gHacks Technology News.

gHacks Technology News 

18 2 minutes read

Related Articles

Attention tech lovers: Honor’s new phones are finally out

Twitter rakes up the past

Top Free Tools for Windows 11

Baldur’s Gate 3 update: Here are BG3 patch notes

© Copyright 2024, All Rights Reserved  |  Tarek el ESS | Proudly Hosted by WebLebHost
Back to top button