2K Games confirms user details were stolen in data breach last month


Posts: 9,340   +119
Staff member
What just happened? Take-Two subsidiary 2K Games has warned users that the data stolen in a breach it suffered last month is still being exploited, and to look out for any suspicious activity across their accounts. The company has discovered that the perpetrator(s) made away with email addresses, names, and other personal information, but it does not believe any financial details or passwords were taken.

Just as the company was dealing with the fallout from the GTA 6 leak last month, Take-Two announced it had suffered another hack on September 19, though the victim this time was subsidiary 2K Games.

The hacker managed to get hold of system credentials belonging to a vendor 2K uses to run its help desk platform. Once the threat actor gained access to customer email addresses, they sent out official-looking emails containing malicious links that would download password-stealing malware. 2K tweeted a warning not to open any emails or click on any links that originated from its games support account.

Anyone who had already clicked on the link was advised to reset any user account passwords stored in their browser, enable multi-factor authentication where available, install and run a good anti-virus program, and check their email account settings to see if any forwarding rules had been added.

2K Games hired a third party to complete a forensic investigation into the breach. Yesterday, it was confirmed that in addition to the emails, the hacker accessed and copied customers' names, helpdesk identification numbers, gamertags, and console details.

The good news for users is that 2K Games' online help portal is now safe to use, and emails from the support address can again be trusted. Out of an abundance of caution, the studio previously advised all players, not just those who received the emails, to reset their account passwords and ensure that multifactor authentication is enabled.

September was quite the month for hacks. There were warnings for users of WordPress, Steam, Uber, and others. There was also the FastCompany breach that saw racist messages sent via its Apple News push notifications.

h/t: Ars Technica

Permalink to story.

I cant even remember if I have an account with them, the more stupid accounts you need the more likely of a breach
I'm in the same boat. I can't recall, though I think I've played a game or two of theirs over the years. So far, I haven't gotten any notifications from them, so maybe I'm OK.
They've been forcing their useless launcher even into older games to harvest your data. Steam shows regular "updates" for the games but it's all 2K launcher, and every Steam community comment is some variation of "get this launcher out of my game". **** 2K.