Activisionfailed to disclose a data breach that compromised employee information to its affected staffers, who only learned about the incident from Twitter months after the fact. The social media report detailing the hack also contained evidence suggestingActivision’s 2023 plans forCall of Dutyhave been leaked.

Cybersecurity research group vx-underground previously reported that a high-ranking Activision official fell victim to an SMS-based phishing attack on August 05, 2025. After gaining access to her Slack account, the hackers managed to download a number of internal documents revealing an incomplete 2023 roadmap forCall of Dutygames. The victim realized what has transpired after the attackers used her account to post an inflammatory message to one of the company’s Slack channels, presumably after already stealing all of the internal data they could get their hands on, including employee contact information.

RELATED:Call of Duty Account Hack Screenshot Shares Troubling Possibilities For The Game’s Community

While Activision did not disclose the breach publicly, it also failed to do so internally, TechCrunch reports, citing anonymous accounts from two current staffers, one of whom described the situation as problematic, positing that the company should have notified any employees whose data was compromised. According to the original report detailing the attack, this lack of communication was actually a two-way issue; theActivisionofficial who fell for the scam was not the only staffer targeted by the attackers, but those who correctly identified malicious SMS messages as phishing attempts also failed to report them to the company’s security team. While there’s no guarantee this would have prevented the data breach, it likely inhibited Activision’s response to the incident, which was ultimately only identified after the attackers revealed themselves voluntarily.

Apart from vague product plans, the 2022 data breach reportedly compromised employee names, work email addresses, telephone numbers, and office locations. Activision determined no player data, game code, or “sensitive” employee information was leaked as a result of the attack, according to a company spokesperson. Their statement did not elaborate on the decision not to communicate the incident to the affected employees, possibly because the company was not legally obliged to do so. In terms of potential impact, this is far from the worstsecurity breach that Activision sufferedin recent history.

Game developers, especially Fortune 500 ones, remain a popular target among hackers. Mere weeks after the aforementioned incident, Riot Games fell victim to a much more serious attack that saw unknown actors exfiltrate uncompiled source code for a number of its games and internal tools. The studio subsequentlyrefused to pay ransom for stolenLeague of Legendssource code, having said as much in a recent update.