Activision was hacked in December 2022, and according to TechCrunch, its employees weren't even aware of the breach until this past weekend.
Hackers reportedly managed to phish an employee at the Call of Duty publisher on December 4, 2022, and were able to access internal data related to games and employees. Developers only learned of the attack either via Twitter screenshots of stolen data.
Those hackers told TechCrunch they successfully accessed spreadsheets that featured full names of employees (and their work emails), telephone numbers, and the offices where several developers worked.
A pair of anonymous employees alleged that Activision hadn't yet informed employees about the breach and if their personal data was stolen. One of them told the outlet that "if there is employee’s information involved, they should have disclosed the breach."
When Activision Must Report Breaches
Per California law, Activision is legally required to notify victims of data breaches when its affects 500 or more state residents. Several of the publisher's subsidiaries, the Blizzard arm of the publisher, and the parent company itself are based in California.
When TechCrunch contacted a spokesperson for Activision Blizzard, they didn't respond to a request for comment. During the initial news of the breach, they told TechCrunch a phishing attempt via SMS was "quickly resolved, " and determined that "no sensitive employee data, game code, or player data was accessed.”
The data breach at Activision comes nearly a month after source code for Riot Games' League of Legends was obtained by hackers. And both of those came months after Rockstar Games was hacked, leading to the release of in-progress footage for Grand Theft Auto VI.