LogInNames, addresses, email addresses, payment card numbers, and access codes were potentially exposed between March 13, 2025, and August 26, 2025.
It's been a rough year for Unity's security: after recently disclosing a nearly decade-old vulnerability, the company has now confirmed the presence of malicious code on the checkout page of its SpeedTree website, where it was capturing customer data.
"On August 26, 2025, we became aware of a security incident involving the SpeedTree website operated by Unity Technologies. Upon discovery, we promptly disabled the site and initiated an investigation with the support of external cybersecurity specialists. Our investigation determined that the incident involved an unauthorized code that had been added to the check-out page of the SpeedTree website around March 13, 2025. We promptly removed this code upon its discovery on August 26, 2025. This unauthorized code potentially allowed an unauthorized individual to capture information entered during the checkout process on the SpeedTree product page", shared Unity with the Maine Attorney General's Office.
According to the data breach notification letter, a total of 428 individuals were affected. In response to the incident, Unity Technologies secured its network and notified both impacted individuals and the appropriate authorities. The company is also offering 12 months of free credit monitoring and identity protection services to help affected users safeguard their information.
If you're a SpeedTree user, this may explain why you've recently been unable to log in to the website. Here's a Reddit thread where users are sharing their experiences and advising others to check their credit card statements for any suspicious activity.
Join our 80 Level Talent platform and our new Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.