"Call of Duty Developer Confirms Phishing Attempt but Not Breach"

Activision has recently confirmed it suffered a cybersecurity incident in December 2022 but failed to provide more detail on the suspected data breach.  The Call of Duty developer stated that on December 4, 2022, their information security team swiftly addressed and quickly resolved an SMS phishing attempt.  Following a thorough investigation, they determined that no sensitive employee data, game code, or player data was accessed.  However, on Monday, security researchers at vx-underground claimed on Twitter that the phishing incident successfully compromised a privileged user on the gaming giant’s network.  The researchers noted that the adversaries exfiltrated sensitive workplace documents and scheduled content to be released on November 17, 2023.  A separate report from Insider Gaming confirmed the veracity of vx-underground’s findings and claimed the breached content not only included “plans” for Call of Duty 2023 and Call of Duty 2024 but also sensitive employee information such as full names, emails, phone numbers, salaries and places of work.  The researchers noted that if Activision did not inform employees about this incident, it might have fallen foul of Californian breach notification rules, depending on the number of victims impacted by the breach.

Infosecurity reports: "Call of Duty Developer Confirms Phishing Attempt but Not Breach"