Cyber Incident Victim: Blizzard Entertainment
Date:
Dec 2022
Location:
United States of America
Summary
A major video game company experienced a data breach when hackers used SMS phishing to compromise an employee's account, gaining access to internal systems. While the firm stated no sensitive employee data, game source code, or player information was accessed, third-party analyses revealed exfiltration of workplace documents containing employee details such as full names, email addresses, phone numbers, salaries, and work locations. The breach also exposed upcoming content schedules and marketing materials for active game franchises. Security researchers indicated the compromised account belonged to a human resources team member with broad data access, and attackers leveraged this to distribute malicious links internally. The incident did not impact development environments, though some leaked information reportedly became outdated following remediation efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 4, 2022, Activision detected and addressed an SMS phishing attempt targeting an employee. The company's information security team responded swiftly, resolving the incident promptly. A subsequent investigation concluded that no sensitive employee data, game source code, or player information had been accessed during the breach. However, security researchers from vx-underground contradicted this assessment, asserting that threat actors successfully exfiltrated sensitive workplace documents and Activision's content release schedule extending through November 17, 2023. Evidence indicated the attackers had compromised an employee's Slack account two days prior on December 2, 2022, using this access to distribute malicious links to other staff members.
Analysis by Insider Gaming of the leaked data confirmed the compromise included extensive employee information such as full names, email addresses, phone numbers, salaries, and work locations. The breached employee belonged to the Human Resources department, granting access to broad personnel records. The leak also contained marketing materials detailing upcoming content bundles for Call of Duty: Modern Warfare II. Activision maintained that development environments remained unaffected and characterized the exposed game information as outdated marketing assets. Third-party verification confirmed no game source code or player data appeared in the leak, though employee data exposure created significant organizational risk. The company did not disclose remediation steps beyond initial phishing mitigation and investigation completion.