Call of Duty games maker Activision confirms security breach
Activision, a gaming company best known for its Call of Duty game series, confirmed today that it experienced a security breach in December 2022.
News of the breach was published on Twitter by vx-underground on February 20, 2023. According to the information that is available currently, it appears that a threat actor used an SMS phishing attack on Activision employees. The threat actor managed to gain access through a "privileged user on the network" according to the report in December 2023. Several of the copied documents were published on Twitter to support the claim.
According to gaming news site Insider Gaming, the threat actor managed to obtain information about upcoming Call of Duty games, an upcoming DLC for Modern Warfare 2, and "sensitive employee information". The site claims that it had access to the entire cache of data that was obtained during the breach.
Modern Warfare 2 DLC plans are available online already, but information about the next two Call of Duty games is not, at least nothing that has been confirmed by Activision. The next two Call of Duty games will be released in 2023 and 2024 according to the leaked data, and they are developed using the codenames Jupiter and Cerberus.
Several key details about the 2023 Call of Duty game leaked earlier. The information about the game has to be taken with a grain of salt, as Activision did not comment on the leak. According to the information, the 2023 Call of Duty game will be closely connected to the Modern Warfare series. It is unclear if it will indeed be the next Modern Warfare installment, but it does not appear to be a DLC for the current Modern Warfare game.
The game is developed by Sledgehammer Gamers, according to Bloomberg's Jason Schreier. Activision plans to run a 2-week beta and an early access campaign period. The game is said to be released for this generation of consoles and the last generation as well.
Employee information includes "full names, emails, phone numbers, salaries, places of work, and more" according to Insider Gaming. The user who published information about the breach on Twitter told Insider Gaming that the hack occurred on December 4, 2022. He received the files after the threat actor was not able to "sell the contents of the breach".
Activision issued a statement, in which the company admits that a security breach happened on December 4, 2023, but that "no sensitive employee data, game code, or player data was accessed".
The company disputes that employee data was obtained by the threat actor. Call of Duty and Activision player and customer data was not obtained during the breach. It remains to be seen if the original threat actor or someone else with access to the data is going to publish it publicly.Advertisement