Video game software giant Unity Technologies has confirmed that its SpeedTree website was compromised by malicious code, which secretly siphoned sensitive data from hundreds of customers. The company became aware of the issue on August 26, 2025, and immediately began an investigation. The unauthorized code, which was planted on the checkout page, had been active since March 13, 2025, and was able to capture valuable customer information entered during the purchase process. Unity took swift action by disabling the website and removing the code as soon as it was discovered.
According to the data breach notification sent to the Maine Attorney General, the malicious code allowed an unauthorized individual to capture customer details entered on the SpeedTree product page. The stolen information potentially included names, addresses, email addresses, credit card numbers, and even access codes. The breach specifically impacted customers who made purchases on the site between March 13 and August 26, 2025. The company’s investigation determined that the code was placed on the checkout page to specifically target this sensitive information.
The total number of people affected by this incident is 428, as stated in the official data breach notification letter. Unity Technologies has stated that they have secured their network and reviewed all affected files as part of their response. They have also begun the process of notifying all impacted customers and relevant authorities. This proactive approach is aimed at mitigating any further risks and ensuring transparency with their user base.
In an effort to help safeguard the information of those affected, Unity is providing all 428 individuals with a year of free credit monitoring and identity protection services. This service, offered through Equifax, is intended to help victims of the breach protect their financial and personal information from potential misuse. The company hopes this measure will provide peace of mind and an extra layer of security for its customers.
This security breach serves as a stark reminder of the constant threat of cyberattacks. Companies like Unity Technologies, which handle large volumes of customer data, are particularly vulnerable. The swift response from Unity in discovering and removing the code, as well as their offer of free credit monitoring, shows their commitment to their customers’ security. It also highlights the importance of regular security audits and protocols to prevent such incidents from happening.
Reference:
