Stolen Activision data now freely available on hacking forum

(Image credit: Shutterstock)

Data stolen from top gaming publisher Activision by hackers has now appeared for download on a popular dark web forum.

The breach, which occurred in December 2022, was confirmed by the videogame publisher several days ago. Now, it looks as if the worst case scenario has become reality.

The data, which the hackers claim was stolen from Activision's instance of the content delivery network (CDN) Azure, apparently includes nearly 20,000 records of employee details, including full names, email addresses, phone numbers and office addresses.

Contradicting reports

Rather than being sold for a price, the data here is being offered for free to all users of the forum, in the form of a text file. Threat finders FalconFeedsio were the first to report the post on Twitter.

> Riot Games delays game patches following security breach

> Top gaming companies hit by major data breach, one million employees affected

> These mods for popular online game Dota 2 contain malware

The initial hack was achieved via an SMS phishing campaign - AKA smishing - to which an HR employee at the firm fell victim, giving away company credentials that allowed for access to its endpoints.

In confirming the breach, an Activision spokesperson told BleepingComputer that "no sensitive employee data" was accessed, although cybersecurity researchers vx-underground, who uncovered the incident, found this to be untrue, as they were privy to the stolen data and messages posted by the hackers on Activision’s Slack workspaces that showed otherwise.

Now the hacker's forum post appears to confirm this beyond doubt. Activision is yet to respond in light of their actions.

Other data stolen in the hack included that related to upcoming games, although Activision said this was not sensitive and at best only related to marketing materials already in the public domain.

Activision also assured that player and customer data remains safe and was not included in the hack. Since no mention of this was made in the hacker's post, it seems as if this is indeed true.

The free availability of employee data could mean the future bombardment of employees with other malicious campaigns, such as further phishing attacks and identity theft.

Keep your business protected with the best firewall

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.