Cyber Incident Victim: Activision Blizzard
Date:
Dec 2022
Location:
United States of America
Summary
A cybersecurity incident impacted Activision after hackers used SMS phishing to compromise an employee's account, gaining access to internal systems. While the company stated no sensitive employee data, game code, or player information was accessed, external researchers reported exfiltration of workplace documents, employee details including names, emails, salaries, and upcoming game content schedules. The breach reportedly originated from a compromised HR employee account, with attackers attempting to distribute malicious links via Slack. Leaked information included marketing materials related to unreleased game content, though development environments remained unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 4, 2022, Activision detected and addressed an SMS phishing attempt targeting an employee, which led to unauthorized access to internal systems. The company’s information security team responded swiftly, containing the incident and initiating an investigation. Activision publicly stated the breach did not compromise sensitive employee data, game source code, or player information. However, security researchers from vx-underground contested this assessment, asserting that threat actors successfully exfiltrated sensitive workplace documents and Activision’s content release schedule extending to November 17, 2023. Evidence indicated attackers had compromised an employee’s Slack account by December 2, 2022, using it to distribute malicious links internally in an attempt to phish additional employees.
Analysis by Insider Gaming of the leaked data confirmed the theft of extensive employee information, including full names, email addresses, phone numbers, salaries, and work locations. The compromised employee belonged to the Human Resources department, granting access to broad personnel records. The breach also disclosed marketing-related details for upcoming content bundles in the *Call of Duty Modern Warfare II* franchise, though Activision clarified these materials were distinct from development environments or source code. By February 2023, portions of the exfiltrated data were considered potentially outdated due to the two-month gap since the intrusion. Activision maintained no critical operational systems or player databases were breached, emphasizing the containment of the phishing attempt and the absence of lasting impacts on game infrastructure or user security.