Activision Blizzard, the maker of popular games such as Call of Duty and Candy Crush, has reportedly suffered a data breach resulting in employee data, including contact and financial information, being leaked online.
Content plans for Call of Duty were also stolen in the breach.
When reached for comment, Activision spokesperson Joseph Christinat told TechCrunch that the company’s security team “swiftly addressed an SMS phishing attempt and quickly resolved it” on December 4, 2022.
“No sensitive employee data, game code, or player data was accessed,” Christinat said.
The statement contradicted twitter user @vxunderground. The user claimed that the unknown hackers managed to get into the system by successfully phishing “a privileged user on the network” and stole “sensitive work place documents” and scheduled content plans for their games, “dating to November 17th, 2023”.
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.
Activision did not tell anyone. pic.twitter.com/urD64iIlC5
— vx-underground (@vxunderground) February 20, 2023
This tweet was verified by Insider Gaming which managed to obtain the entirety of the data breach. The data contains employee contact information, salaries, and information on planned content for Call of Duty: Modern Warfare 2, Call of Duty 2023 (Jupiter) and Call of Duty 2024 (Cerberus).
Activision not only hid the breach until the tweets were posted online, it also didn’t alert employees.
Speaking to TechCrunch, two employees said the staff were not allowed to interact with the press and information on whether their data was accessed was not disclosed.