A few weeks after the recent security breach at video game publisher 2K Games, the firm sent email notifications to some of its users to warn them that stolen data was for sale online.
The 2K Games security breach occurred after unknown hackers accessed the company's help desk platform and targeted customers with fake support tickets. These malicious tickets carried embedded links that delivered the RedLine information-stealing malware, spreading it among users.
As the investigation began, 2K Games temporarily took down the affected support portal while also addressing the scope and damage of the incident. Users who were victimised are advised to reset their passwords and monitor their accounts for suspicious activity.
The data exposed in the 2K Games breach includes users’ email addresses, helpdesk ID numbers, gamer tags, and console details.
In its letter, the game publisher confirmed that customers’ data had been stolen from the helpdesk portal. However, there is no proof that financial information or passwords were included in the compromise. Even though customers’ passwords are deemed safe from the hack, affected customers are still encouraged to change them. Enabling multi-factor authentication (MFA) could also help enhance their accounts’ security.
Investigations reveal that the perpetrators of the 2K Games breach posted the stolen data on a dark web platform to sell to other hackers. The threat actor’s post said that the database includes 2K Games’ customer data, such as usernames, Zendesk email addresses, full names, and platforms. The database contains over 4 million lines covering everyone who has sent a support email or ticket to 2K Games.
The 2K Games helpdesk portal is now back online to process customers’ help tickets. However, the firm reiterated that users must remain wary of possible cyberattacks and report suspicious activity. Furthermore, customers must avoid clicking on links in unsolicited emails and must first check whether those emails are authentic.
In this case, those who clicked on links sent through the impacted helpdesk portal are advised to be extra cautious, since chances are high that the malware has stolen their data. The RedLine stealer is known to collect a wide range of data from web browsers, such as users’ credit card details, VPN credentials, saved passwords, instant messages, cookies, crypto wallets, and more.