When it rains, it pours: Nonetheless reeling from a GTA 6 leak over the weekend, Take-Two obtained nailed with one other information breach. This time it was subsidiary 2K Video games taking the hit when a hacker accessed an inside assist account and started sending out official 2K emails with hyperlinks to a phishing web site. It’s nonetheless unclear if Take-Two has contained the intrusion and what number of prospects have been affected, however the whole 2K assist division is shut down till additional discover.
It appears that evidently Take-Two may want to have a look at who’s in command of its cybersecurity. Falling on the heels of a large GTA 6 hack that uncovered scores of test-build movies and screenshots, 2K’s Assist Companies stories one other intrusion that will have leaked buyer emails. It solely shared a couple of particulars concerning the assault.
On Tuesday, a hacker obtained a maintain of account credentials for one among 2K’s distributors that helps present buyer assist. As soon as within the system, the unhealthy actor gained entry to buyer electronic mail addresses and despatched out official-looking emails containing a malicious hyperlink.
Hey people, please learn an necessary message from our Buyer Assist workforce. Thanks. pic.twitter.com/yKI18eL7mY
— 2K Assist (@2KSupport) September 20, 2022
“The unauthorized occasion despatched a communication to sure gamers containing a malicious hyperlink,” @2KSupport tweeted. “Please don’t open any emails or click on on any hyperlinks that you simply obtain from the 2K Video games assist account.”
At the very least one buyer reported the suspicious electronic mail 9 hours earlier than 2K Assist tweeted its affirmation and warning. Assist blew him off by replying that the e-mail was not from an “official 2K account” and that the corporate wouldn’t be held accountable for recovering accounts “after enlisting the companies of unapproved exercise” — no matter that even means.
@2KSupport at this level its very clear that you simply guys obtained hacked on assist issues associated.. make a press release already earlier than the injury is just too huge.
— MTheGuy (@1MTheGuy) September 20, 2022
Unimpressed, the shopper responded, “@2KSupport at this level its very clear that you simply guys obtained hacked on assist issues associated.. make a press release already earlier than the injury is just too huge. [sic]”
9 hours later, 2K confirmed the hack and basically admitted that the bogus emails have been coming from an official 2K account — through a third-party vendor, in fact. However nevertheless you have a look at it, the optics are unhealthy for mum or dad firm Take-Two, which seems to have been caught with its pants down a minimum of twice in a single week.
Neither Take-Two nor 2K had any particulars on the scope of the assault or what number of prospects have been affected. It solely advises that any communication from the assist group ought to be handled with warning in the intervening time. It has briefly shut down that department of the enterprise till it may possibly clear up the scenario. The corporate mentioned it will let prospects know when it was protected once more.
“Our assist portal will stay offline whereas we proceed to handle this matter. We’ll situation a discover when you may resume interacting with official 2K assist desk emails, and we can even follow-up with further data as to how one can greatest shield your self in opposition to any malicious exercise.”
What is perhaps most annoying is that 2K did not point out further information which may have been accessed, like bank cards, actual names, passwords, and different data. It additionally did not explicitly say something to the impact that it didn’t have cause to imagine such information was uncovered, which is kind of a boilerplate assertion after typical intrusions.
So the dearth of a phrase of reassurance to prospects signifies that 2K remains to be actively investigating the incident. We’ll doubtless hear extra about this information breach within the coming days. This assault wasn’t a typical penetration by way of a safety gap. It was a foul actor with a sound username and password to an inside system. Somebody with absolutely credentialed account entry might doubtless acquire extra than simply electronic mail addresses.