Unity Technologies, a video game software development firm, suffered a data breach on its **SpeedTree website** due to malicious code injected into the checkout page. The unauthorized code, active from **March 13, 2025, to August 26, 2025**, skimmed sensitive customer payment data during purchases. Compromised information included **names, addresses, emails, credit card numbers, and access codes** of **428 affected individuals**. The breach was discovered on **August 26, 2025**, prompting Unity to disable the website, remove the malicious code, and launch an investigation. The company notified impacted customers, authorities, and offered **12 months of free credit monitoring and identity protection** via Equifax. The incident was attributed to a **web skimming attack**, where threat actors intercepted payment details entered by users during transactions.
TPRM report: https://www.rankiteo.com/company/unity
"id": "uni3702637101425",
"linkid": "unity",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '428',
'industry': 'Video Game Software Development',
'name': 'Unity Technologies',
'type': 'Corporation'}],
'attack_vector': 'Web-based (Malicious JavaScript Injection on Checkout Page)',
'customer_advisories': 'Customers who purchased from SpeedTree website '
'between March 13 and August 26, 2025, were notified '
'of potential data exposure.',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '428',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Data']},
'date_detected': '2025-08-26',
'date_publicly_disclosed': '2025-10-13',
'description': 'Malicious code on Unity Technologies’s SpeedTree site skimmed '
'sensitive data from hundreds of customers. The incident '
'involved unauthorized code on the checkout page, active from '
'March 13, 2025, to August 26, 2025, capturing customer data '
'such as names, addresses, emails, credit card numbers, and '
'access codes during purchases. A total of 428 individuals '
'were affected.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage Due to '
'Payment Data Theft',
'data_compromised': ['Names',
'Addresses',
'Emails',
'Credit Card Numbers',
'Access Codes'],
'identity_theft_risk': 'High (Due to PII and Payment Data '
'Exposure)',
'operational_impact': 'Website Disabled During Investigation',
'payment_information_risk': 'High (Credit Card Numbers and Access '
'Codes Compromised)',
'systems_affected': ['SpeedTree Website (Checkout Page)']},
'investigation_status': 'Completed (Malicious Code Removed; Impact Assessed)',
'motivation': 'Financial Gain (Data Theft for Fraud or Resale)',
'post_incident_analysis': {'corrective_actions': ['Removed Malicious Code',
'Secured Website',
'Offered Credit Monitoring '
'to Affected Customers'],
'root_causes': 'Unauthorized Code Injection on '
'Checkout Page (Likely via Supply '
'Chain or Third-Party '
'Vulnerability)'},
'references': [{'date_accessed': '2025-10-13', 'source': 'SecurityAffairs'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General']},
'response': {'communication_strategy': ['Notified Impacted Clients',
'Notified Authorities (e.g., Maine '
'Attorney General)',
'Public Disclosure via '
'SecurityAffairs'],
'containment_measures': ['Disabled Compromised Website',
'Removed Malicious Code'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['Secured Network',
'Reviewed Affected Files']},
'stakeholder_advisories': '12 Months of Free Credit Monitoring and Identity '
'Protection (via Equifax) Offered to Affected '
'Individuals',
'title': 'Customer payment data stolen in Unity Technologies’s SpeedTree '
'website compromise',
'type': 'Data Breach (Payment Card Skimming / Magecart Attack)'}