Hundreds of users had sensitive information skimmed through a compromised website belonging to video game software development company Unity Technologies.
Impacted individuals are being informed that threat actors compromised the website for Unity’s SpeedTree 3D vegetation modeling software.
An investigation showed that the SpeedTree website, specifically its checkout page, contained malicious code between March 13 and August 26, 2025.
The malicious code was designed to harvest the information entered by individuals who made purchases on the SpeedTree site, including name, address, email address, payment card number, and access code.
Unity told the Maine Attorney General’s Office that 428 individuals are impacted. The affected customers are now being notified and offered free credit monitoring and identity protection services.
The disclosure comes shortly after gamers have been warned about a high-severity Unity Editor vulnerability that can allow attackers to load arbitrary libraries and execute malicious code.
Hackers can leverage the flaw to access sensitive information on devices running applications built with Unity.
The vendor has released patches, but Microsoft and Valve have also rushed to take action to protect customers against potential attacks.
Related: SonicWall SSL VPN Accounts in Attacker Crosshairs
Related: NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms
Related: Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation
Related: Extortion Group Leaks Millions of Records From Salesforce Hacks
