Call of Duty creators Activision recently confirmed that the company suffered a major data breach, with both sensitive and product-related employee information stolen from the website.
The news comes as Microsoft defends its $69 billion acquisition of the company at an EU competition hearing, with the supra-national political body currently scrutinizing the tech giant’s decision to buy the gaming company.
Cybersecurity tools like password managers provide protection against common tactics like credential stuffing, but this case is the latest reminder that educating employees so they can identify suspicious correspondence is equally important to cybersecurity.
Activision Phishing Attack Reveals Staff Data
Activision confirmed this week that towards the end of last year, threat actors successfully breached the company’s systems. The threat actors exfiltrated sensitive employee data and information about yet-to-be-released game content.
The stolen data includes full names, email addresses, and phone numbers, as well as confidential information like salaries and work locations.
The breach officially occurred on December 4, 2022, but at that time, Activision did not announce or confirm that a cyber attack had taken place, continuing the trend of large companies prolonging the time between breach discovery and disclosure.
Call of Duty 2023 Plans Revealed
According to gaming publication Insider Gaming, the leaked documents seem to highlight “the entire year ahead for Call of Duty.”
Seven “Core Maps” and a “Haunting of Saba event for Halloween” are scheduled for Season 6 (September-November 2023), while one “small map” will be arriving beforehand as part of Season 4 (May-July 2023).
A screenshot of the leaked documents (credit: @vxunderground) shows plans for at least “one ‘Licensed’ operator every season, which means a collaboration or crossover… more Gunfights, Spec Ops missions, Raids, and Tier 1 Events starting from Season Three” and “at least another 240 bundles”.
At the bottom of the screenshot, you can just about see date information about “Jupiter” – thought to be a new installment in the Call of Duty franchise.
“Jupiter GL4” is penciled in for April 7 to April 28, “Jupiter Alpha” for May 26 to June 2, and “Jupiter GL5” for June 9 to June 30.
Humans Are Network Weak Points
As is often the case with data breaches, the threat actors found their way in after an employee fell for a text message phishing scam, rather than by exploiting a technical vulnerability.
This underscores the importance of ensuring your staff are well trained in recognizing the telltale signs that an email may be suspicious. Password managers and other cybersecurity tools can only do so much.
You can have an extremely secure network and still provide a cyber criminal with an endpoint to exploit by not adequately training your staff.