What just happened? Take-Two subsidiary 2K Games has warned users that the data stolen in a breach it suffered last month is still being exploited, and has told them to look out for any suspicious activity across their accounts. The company has discovered that the perpetrator(s) made off with email addresses, names, and other personal information, but it does not believe any financial details or passwords were taken.
The hacker managed to get hold of system credentials belonging to a vendor 2K uses to run its help desk platform. Once the threat actor gained access to customer email addresses, they sent out official-looking emails containing malicious links that would download password-stealing malware. 2K tweeted a warning not to open any emails or click on any links that originated from its games support account.
Anyone who had already clicked on the link was advised to reset any user account passwords stored in their browser, enable multi-factor authentication where available, install and run a good anti-virus program, and check their email account settings to see if any forwarding rules had been added.
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY — 2K Support (@2KSupport) September 20, 2022
2K Games hired a third party to complete a forensic investigation into the breach. Yesterday, it was confirmed that in addition to the emails, the hacker accessed and copied customers' names, helpdesk identification numbers, gamertags, and console details.
The good news for users is that 2K Games' online help portal is now safe to use, and emails from the support address can again be trusted. Out of an abundance of caution, the studio previously advised all players, not just those who received the emails, to reset their account passwords and ensure that multi-factor authentication is enabled.
September was quite the month for hacks. There were warnings for users of WordPress, Steam, Uber, and others. There was also the Fast Company breach that saw racist messages sent via its Apple News push notifications.
h/t: Ars Technica