2K warns users that their information was stolen following a breach of its support service
2K warns users that their information was stolen following a breach of its support service
Zoom
Getty Images
Gaming company 2K on Thursday warned users to be on the lookout for suspicious activity on their accounts following a breach last month that allowed a malicious actor to obtain email addresses, names and other sensitive information provided to the 2K support team.
The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor used by 2K to run its support platform. 2K warned users a day later that the threat actor used unauthorized access to send some users emails containing malicious links. The company has warned users not to open emails sent from its online support address or click on any links in them. If users have already clicked on links, 2K urged them to change all passwords stored in their browsers.
On Thursday, after an external party completed a forensic investigation, 2K sent an email to an unknown number of users warning them that the threat actor may have obtained some of the personal information they had provided to helpdesk staff. The email stated:
Upon further investigation, we discovered that the unauthorized third party had viewed and copied some of the personal data we record about you when you contact us for assistance: the name given when you contact us, email address, help desk ID, gamertag, and console. details. There is no indication that your financial information or passwords held on our systems have been compromised.
We also found that the unauthorized party sent a communication to some players containing a malicious link claiming to provide a 2K software update. Instead, the link contained malware that could compromise data stored on your device, including passwords.
An online FAQ stated that there was no indication that online resources were being affected and that anyone who received one of the malicious emails had already received a subsequent email from 2K notifying them. The FAQ went on to say that it is now safe to use the online help portal and trust emails sent from the support address again. As a precaution, 2K has encouraged all players to reset account passwords and ensure multi-factor authentication has been enabled.
It's been a tough few weeks for businesses owned by Take-Two Interactive. On September 19, Rockstar Games said it had suffered a network breach that resulted in the theft of confidential development footage for the next installment in its hit Grand Theft Auto game franchise. Dozens of videos posted online included around 50 minutes of early gameplay that provided spoilers regarding the characters and settings of the long-awaited sequel. Rockstar has been notoriously tight-lipped about these details in an effort to generate buzz about upcoming releases.
Rachel Tobac, CEO of SocialProof Security, a company focused on preventing social engineering, said the targeting of 2K's help desk was a recurring theme in recent breaches. The teens behind a 2020 Twitter breach, for example, targeted members of the company's customer support team in phone phishing attacks that tricked them into revealing their passwords and their two-factor authentication codes.
"We continue to see cybercriminals targeting customer support and help desk credentials in their hacks because the administrative tools these roles have access to are extremely powerful and full of sensitive user data" , she said in an online chat. "For this reason, I continue to recommend upgrading MFA to match the threat model of customer-facing roles like Helpdesk."
2FA that relies on one-time passcodes sent via text or generated by apps remains wide open to credential phishing attacks, something security firm Twilio recently learned the hard way. 2FA based on
Gaming company 2K on Thursday warned users to be on the lookout for suspicious activity on their accounts following a breach last month that allowed a malicious actor to obtain email addresses, names and other sensitive information provided to the 2K support team.
The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor used by 2K to run its support platform. 2K warned users a day later that the threat actor used unauthorized access to send some users emails containing malicious links. The company has warned users not to open emails sent from its online support address or click on any links in them. If users have already clicked on links, 2K urged them to change all passwords stored in their browsers.
On Thursday, after an external party completed a forensic investigation, 2K sent an email to an unknown number of users warning them that the threat actor may have obtained some of the personal information they had provided to helpdesk staff. The email stated:
Upon further investigation, we discovered that the unauthorized third party had viewed and copied some of the personal data we record about you when you contact us for assistance: the name given when you contact us, email address, help desk ID, gamertag, and console. details. There is no indication that your financial information or passwords held on our systems have been compromised.
We also found that the unauthorized party sent a communication to some players containing a malicious link claiming to provide a 2K software update. Instead, the link contained malware that could compromise data stored on your device, including passwords.
An online FAQ stated that there was no indication that online resources were being affected and that anyone who received one of the malicious emails had already received a subsequent email from 2K notifying them. The FAQ went on to say that it is now safe to use the online help portal and trust emails sent from the support address again. As a precaution, 2K has encouraged all players to reset account passwords and ensure multi-factor authentication has been enabled.
It's been a tough few weeks for businesses owned by Take-Two Interactive. On September 19, Rockstar Games said it had suffered a network breach that resulted in the theft of confidential development footage for the next installment in its hit Grand Theft Auto game franchise. Dozens of videos posted online included around 50 minutes of early gameplay that provided spoilers regarding the characters and settings of the long-awaited sequel. Rockstar has been notoriously tight-lipped about these details in an effort to generate buzz about upcoming releases.
Rachel Tobac, CEO of SocialProof Security, a company focused on preventing social engineering, said the targeting of 2K's help desk was a recurring theme in recent breaches. The teens behind a 2020 Twitter breach, for example, targeted members of the company's customer support team in phone phishing attacks that tricked them into revealing their passwords and their two-factor authentication codes.
"We continue to see cybercriminals targeting customer support and help desk credentials in their hacks because the administrative tools these roles have access to are extremely powerful and full of sensitive user data" , she said in an online chat. "For this reason, I continue to recommend upgrading MFA to match the threat model of customer-facing roles like Helpdesk."
2FA that relies on one-time passcodes sent via text or generated by apps remains wide open to credential phishing attacks, something security firm Twilio recently learned the hard way. 2FA based on
Zoom
Getty Images
