HQ/EMEAFind out how we can help your business
A threat actor leaked alleged stolen data owned by Activision employees on a hacking forum. The suspected data came from an attack against the American game publisher in December last year. This posted data could cause a massive phishing campaign against the company.
The website used by the hackers to sell and publish stolen data revealed that the information came from the Activision’s Azure database. The leaked database contained nearly 20,000 unique records with full names, phone numbers, locations, email addresses, and job titles of the alleged Activision employees.
Moreover, the actors endorsed the data dump as accessible to all the forum members but in a text file. A threat intelligence platform spotted the alleged posting, which reported the potential data leak on a social media website.
The attack against Activision in December last year could have caused the recent data leak.
Activision confirmed they experienced a data breach incident in early December last month. The hackers successfully breached the game publisher firm by tricking an HR employee into providing their credentials through smishing.
However, Activision investigated the security breach and claimed that the hackers exposed no sensitive data, game code or player data to the public during the cybersecurity incident.
After the investigation, the video game company assured everyone that the threat actors did not compromise their game source code or player information. Moreover, the leaked details regarding the upcoming game content are part of their public marketing strategy.
In addition, an Activision spokesperson stated that they conducted a thorough system examination, which confirmed that the attackers had not acquired any sensitive details.
However, the media disagreed with Activision’s claims since some researchers reviewed the stolen data, and it contained critical information owned by employees that matched the leak earlier this week.
An employee database leak on a forum could cause massive damage to the company since it is available to many audiences. Furthermore, the actors posted the database on a well-known cybercriminal forum, increasing the chances that other threat actors would use it to run their phishing attacks.
