When it rains, it pours: Still reeling from a GTA 6 leak over the weekend, Take-Two got nailed with another data breach. This time it was subsidiary 2K Games taking the hit when a hacker accessed an internal support account and began sending out official 2K emails with links to a phishing website. It is still unclear if Take-Two has contained the intrusion and how many customers were affected, but the entire 2K support division is shut down until further notice.
It seems that Take-Two might need to look at who's in charge of its cybersecurity. Falling on the heels of a massive GTA 6 hack that exposed scores of test-build videos and screenshots, 2K's Support Services reports another intrusion that may have leaked customer emails. It only shared a few details regarding the attack.
On Tuesday, a hacker got a hold of account credentials for one of 2K's vendors that helps provide customer support. Once in the system, the bad actor gained access to customer email addresses and sent out official-looking emails containing a malicious link.
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY— 2K Support (@2KSupport) September 20, 2022
"The unauthorized party sent a communication to certain players containing a malicious link," @2KSupport tweeted. "Please do not open any emails or click on any links that you receive from the 2K Games support account."
At least one customer reported the suspicious email nine hours before 2K Support tweeted its confirmation and warning. Support blew him off by replying that the email was not from an "official 2K account" and that the company would not be held responsible for recovering accounts "after enlisting the services of unapproved activity" — whatever that even means.
@2KSupport at this point its very clear that you guys got hacked on support things related.. make a statement already before the damage is too big.— MTheGuy (@1MTheGuy) September 20, 2022
Unimpressed, the customer responded, "@2KSupport at this point its very clear that you guys got hacked on support things related.. make a statement already before the damage is too big. [sic]"
Nine hours later, 2K confirmed the hack and essentially admitted that the bogus emails were coming from an official 2K account — via a third-party vendor, of course. But however you look at it, the optics are bad for parent company Take-Two, which appears to have been caught with its pants down at least twice in one week.
Neither Take-Two nor 2K had any details on the scope of the attack or how many customers were affected. It only advises that any communication from the support group should be treated with caution for the time being. It has temporarily shut down that branch of the business until it can clear up the situation. The company said it would let customers know when it was safe again.
"Our support portal will remain offline while we continue to address this matter. We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow-up with additional information as to how you can best protect yourself against any malicious activity."
What might be most disturbing is that 2K didn't mention additional data that might have been accessed, like credit cards, real names, passwords, and other information. It also didn't explicitly say anything to the effect that it did not have reason to believe such data was exposed, which is more or less a boilerplate statement after typical intrusions.
So the lack of a word of reassurance to customers indicates that 2K is still actively investigating the incident. We will likely hear more about this data breach in the coming days. This attack wasn't a typical penetration through a security hole. It was a bad actor with a valid username and password to an internal system. Someone with fully credentialed account access could likely obtain more than just email addresses.