Toni Dimaano Tech 02.23.2023 04:Feb AM EST

Activision Responds To A Data Breach That Might Have Compromised Future Call Of Duty Information

A hack on Activision may have exposed information on Call of Duty's future and other matters from an employee's compromised Slash account.

By tricking a worker into entering their SMS two-factor authentication code to log into their Slack account, hackers were able to acquire this data, Game Spot writes.

The Company Says It Is Investigating The Incident

The hacker disclosed details on new operators, weapon maps, and chats between coworkers in Call of Duty: Modern Warfare II's #general channel for a number of upcoming seasons.

"Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed," Activision says in a statement.

All in all, the hacker gained access to the Activision Slack channel, sent abusive remarks from the targeted account, and took information.

The intrusion appears to have happened through social engineering, with the hacker fooling an employee into delivering an SMS-delivered two-factor authentication token.

"On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it," the company claims.

Activision has extensive information security processes in place to guarantee data confidentiality, according to the company, which claims that data security is of the utmost importance.

According to Vice, when directly questioned about the data that the hacker seems to have accessed, such as the Call of Duty timetable, Activision remained silent.

The Video Game Maker Initially Refused To Tell Employees About The Breach

Activision has acknowledged that a data breach occurred in early December 2022 as a result of hackers deceiving an employee with an SMS phishing text in order to access the company's internal systems.

However, according to the video game developer, neither player information nor the game's source code were affected by the event.

The hacker "exfiltrated sensitive work place documents," according to security research firm vx-underground, along with the content release schedule through November 17, 2023.

According to screenshots provided by the researchers, hackers got access to one Activision employee's Slack account on December 2 and had attempted to lure other staff members into clicking dangerous links.

Bleeping Computer reports the whole cache of employee information, including full names, email addresses, phone numbers, salaries, workplaces, and other information.

Moreover, the compromised employee was from the Human Resources department and had access to reams of confidential employee details.

Since the breach happened in December 2022, some of the information Activision was able to collect may be out of date right now.

Despite not having access to the stolen information, Bleeping Computer discovered that the online game information was based on promotional materials and that the development environment was unaffected.

Activision is not the only major tech business to experience a hack in a very basic way and respond to it in a subpar way.

For instance, despite the hacker using rather simple intrusion techniques, a sizable phishing campaign late last year was able to access the networks of dozens of important companies.

As a matter of fact, Reddit has recently disclosed that it had been hacked using a fairly simple phishing scheme.