2K warns users their info has been stolen following breach of its help desk

Game firm 2K on Thursday warned users to stay looking out for suspicious exercise throughout their accounts following a breach final month that allowed a risk actor to acquire e mail addresses, names, and different delicate data offered to 2K’s help workforce.

The breach occurred on September 19, when the risk actor illegally obtained system credentials belonging to a vendor 2K makes use of to run its help desk platform. 2K warned users a day later that the risk actor used unauthorized entry to ship some users emails that contained malicious hyperlinks. The firm warned users to not open any emails despatched by its on-line help handle or click on on any hyperlinks in them. If users already clicked on hyperlinks, 2K urged them to vary all passwords saved in their browsers.

On Thursday, after an out of doors celebration accomplished a forensic investigation, 2K despatched an unknown quantity of users an e mail warning them that the risk actor was capable of receive some of the private data they equipped to help desk personnel. The e mail acknowledged:

Following additional investigation, we found that the unauthorized third celebration accessed and copied some of the private information we document about you once you contact us for help: the identify given when contacting us, e mail handle, helpdesk identification quantity, gamertag and console particulars. There isn’t any indication that any of your monetary data or password(s) held on our techniques have been compromised.

We additionally discovered that the unauthorized celebration despatched a communication to sure gamers containing a malicious hyperlink purporting to offer a software program replace from 2K. Instead, the hyperlink contained malware that had the potential to compromise information saved in your system, together with passwords.

An on-line FAQ stated there was no indication that on-line property have been affected and that anybody who acquired one of the malicious emails had already acquired a later e mail from 2K informing them of this. The FAQ went on to say that it is now protected to make use of the net help portal and to as soon as once more belief emails despatched from the help handle. Out of an abundance of warning, 2K inspired all gamers to reset account passwords and be sure that multifactor authentication has been turned on.

Advertisement

It has been a tough few weeks for firms owned by Take-Two Interactive. On September 19, Rockstar Games stated it skilled a community intrusion that resulted within the theft of confidential improvement footage for the following installment of its blockbuster recreation franchise Grand Theft Auto. Dozens of movies posted on-line included roughly 50 minutes of early gameplay that offered spoilers referring to the protagonists and settings for the long-anticipated sequel. Rockstar has been famously tight-lipped about such particulars in an try to generate buzz about upcoming releases.
Rachel Tobac, CEO of SocialProof Security, an organization targeted on social engineering prevention, stated that the focusing on of 2K’s help desk has been a recurring theme in current breaches. The youngsters behind a 2020 breach of Twitter, as an example, focused members of the corporate’s buyer help workforce in phone-based phishing assaults that efficiently tricked them into revealing their passwords and two-factor authentication codes.

“We continue to see cybercriminals target customer support and help desk credentials in their hacks because the admin tools those roles have access to are extremely powerful and full of sensitive user data,” she stated in a web-based dialogue. “For that reason, I continue to recommend upgrading MFA to match the threat model of client-facing roles like Helpdesk.”

2FA that depends on one-time passcodes despatched via SMS or generated by apps stay vast open to credential phishing assaults, one thing safety agency Twilio lately discovered the laborious approach. 2FA primarily based on the FIDO2 trade customary, in contrast, is credential-phishing proof. Despite being an open customary that works throughout a large ecosystem of gadgets and kind components, FIDO2 continues to be not broadly used.

2K’s advisory in the present day implies that the risk actor has sufficient details about particular users to provide convincing scams that is likely to be laborious for individuals to acknowledge. Any communications purporting to be associated to 2K or gaming usually ought to obtain further scrutiny from individuals who acquired Thursday’s e mail.

2K’s recommendation that each one users change their account passwords can also be stable. Users ought to use a password supervisor to generate an extended, random phrase or string distinctive to their 2K account. Even when 2FA choices aren’t FIDO2 compliant, they supply extra safety than not utilizing 2FA in any respect.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Posts

Together At Last: Titans Promises a Tighter Team and Darker Foes

The Titans have confronted interdimensional demons, assassins and a famously fearsome psychiatrist, however are they ready for what’s coming subsequent? HBO Max’s Titans returns...

Tweet Saying Nets ‘Formally Released Kyrie Irving’ Is Satire

Claim: The Brooklyn Nets launched Kyrie Irving from the NBA crew on Nov. 3, 2022. Rating: On Nov. 3,...

Data intelligence platform Alation bucks economic tendencies, raises $123M

Join us on November 9 to learn to efficiently innovate and obtain effectivity by upskilling and scaling citizen builders on the Low-Code/No-Code Summit. Register...

Medieval II Kingdoms expansion release date revealed

If you’ve been itching for extra Total War gameplay, we’ve received one thing for you. Feral Interactive has lastly revealed the Total War:...