404/68 Wednesday, October 15, 2025
Unity Technologies, the developer of the Unity game engine-a widely used tool for building 3D games and applications-has confirmed that the website for SpeedTree, its graphics software and plugin marketplace, was compromised with malicious code on its payment page, resulting in the theft of customer data.
The incident was detected on August 26, 2025, after the company discovered that a suspicious script had been injected into the checkout page as early as March 13, 2025. The script was designed to intercept sensitive information entered by users during transactions.
Investigations revealed that the malicious code harvested customer data including names, addresses, emails, credit card numbers, and product access keys during purchases. A total of 428 customers were affected. In response, Unity temporarily took the website offline, removed the malicious script, and conducted additional security reviews of its network to prevent further unauthorized access.
Unity Technologies has notified regulators and all affected customers, offering 12 months of free Credit Monitoring and Identity Protection through Equifax to mitigate the risk of identity theft and financial fraud. The company stated that it has also implemented stronger security measures to prevent similar incidents in the future.
