Activision Fails to Inform Employees About Recent Data Breach
Table of Contents
- By Steven
- Feb 27, 2023
Activision is a massive game development and software company in the United States. The company is behind huge titles like World of Warcraft and Call of Duty, among others. The company was recently attacked by a group of hackers that were able to access some of the internal files as well as the Activision Slack channel. Even though this information was stolen, company employees were never notified of the attack. Does this put them at risk, and did Activision do the wrong thing in an effort to preserve its name?
How Did the Attack Occur?
On December 4, Activision was hacked when an employee was phished. A simple phishing attack was leveraged to gain access to some company data from Activision. After getting the employee to click a harmful link, the hacker was able to install malicious files onto the Activision network and use that to obtain company documents. The files obtained from the attack didn't contain information that was deemed very sensitive, and Activision never notified its employees of the attack for that reason.
What Information Was Viewed or Stolen?
During the Activision phishing attack, hackers were able to acquire a few spreadsheets containing mostly basic employee information. The sheets had details such as the full names, work email addresses, and phone numbers of various employees at the organization. There was also information about which office a particular employee works at for some of the leaked employees. According to Activision, no financial or sensitive personal information was leaked during this attack.
How Did Business Admit to the Breach?
Activision never willingly released information about the data breach. Instead, a cybersecurity company known as VX-Underground posted screenshots of the stolen data on Twitter. The company also put-up screenshots taken directly from Activision's internal slack channel. These things were obtained by the group of hackers that released the information to the public. It wasn't until these screenshots were released on Twitter that Activision admitted to the data breach at all. Activision didn't release any information about the breach because it's believed that no sensitive data was released due to the attack. Instead, only basic information was inside the stolen files.
What Will Become of the Stolen Information?
The hackers have already released the stolen data to the internet. Most of the data is basic in nature and isn't likekly to cause too many issues for Activision employees named on the different spreadsheets. Employees may have to change their phone numbers if they begin receiving a large number of calls in response to having their number released to the public.
What Should Affected Parties Do in the Aftermath of the Breach?
If you have a reason to believe your information was released in the Activision cyber attack, you should be cautious about potential phishing attempts in the future. If your work email address and phone number are both available, hackers may attempt to get you to click links for a harmful phishing attack. Avoid clicking any links you aren't sure about, and don't believe individuals you don't know.