A threat actor has posted data the alleged data stolen from American game publisher Activision in December 2022 on a hacking forum, highlighting the data’s value for phishing operations.
In a forum post to the Breached hacking forum, a website used by threat actors to sell and publish stolen data, the hackers claims to have stolen the data from Activision Azure database.
The leaked data consists of 19,444 unique records containing full names, phone numbers, job titles, locations, and email addresses of alleged Activision employees. The dump is offered freely to all forum members in a text file.
The forum post was first spotted by the threat intelligence platform FalconFeedsio, which reported the potential data leak on Twitter.
On February 21, 2023, Activision confirmed that it suffered a data breach in early December 2022 after hackers tricked an HR employee into giving away their credentials through smishing (SMS-based phishing).
“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” a company spokesperson told BleepingComputer.
At the time, the video game maker assured that the incident had not compromised game source code or player details and told BleepingComputer that any leaked details about upcoming game content were already part of public marketing materials.
Moreover, Activision stated that after conducting a thorough internal investigation, it determined that the intruders had stolen no sensitive employee data.
This contrasted claims from media, such as Insider Gaming, which reviewed the stolen data, reporting it contained sensitive employee details that match what was leaked today.
The appearance of the employee database on a forum makes it widely available to a larger audience, including a very popular forum used by threat actors, which increases the chances of Activision employees being targeted by phishing and social engineering attacks.
BleepingComputer has contacted Activision about the allegedly leaked employee data, and we will update this post as soon as we receive a response.