It is said that Activision did not disclose a data breach that compromised their employees’ information to affected individuals, and that they learned of this incident through Twitter months after the fact.
The social media report detailing this hack also contained evidence to suggest that Activision’s plans for Call of Duty in 2023 had been leaked.
Cybersecurity research group ‘vx-underground’ previously reported that a senior Activision official fell victim to a text message phishing attack on December 4, 2023. After gaining access to his Slack account, the hackers managed to upload a series of internal documents that revealed an incomplete roadmap for 2023 Call of Duty games.
The victim became aware of what had happened after the attackers used his account to post a defamatory message on one of the company’s Slack channels, presumably having already stolen all the internal data they could put on hand, including employee contact information.
While Activision hasn’t publicly disclosed the breach, it hasn’t disclosed it internally either, citing anonymous testimonies from two current employees, one of whom called the situation problematic, saying the company should have informed all employees whose data had been compromised.
According to the original report detailing the attack, this miscommunication was actually a two-way street; The Activision employee who fell for the scam wasn’t the only staffer targeted by the attackers, but those who correctly identified the malicious SMS messages as phishing attempts didn’t. either reported to the corporate security team.
While there’s no guarantee this would have prevented the data leak, it likely inhibited Activision’s response to the incident, which was only ultimately identified after the attackers willingly came forward. .