2K Games confirmed that customers’ personal data was obtained and put up for sale following last month’s security breach.
2K Games suffered a security breach in September – at the time, it was already apparent that personal data was stolen by threat actors, as confirmed by 2K. During the attack, an unauthorized third party accessed the credentials of one of their vendors to use the help desk platform operated by 2K for customer support.
Crooks managed to access users’ personal details and spammed malicious links into their inboxes.
“The unauthorized third-party accessed and copied some personal data that was recorded about you when you contacted us for support, including your email address, helpdesk ID number, gamertag, and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised,” 2K said in a statement.
Currently, it’s not believed that any financial information was obtained or posted for sale. Additionally, there are no signs of the account credentials being compromised, but 2K recommends monitoring the account for signs of unauthorized activity frequently. Finally, users are encouraged to reset their passwords, although it doesn’t seem like threat actors obtained password information.
“For users who clicked on the malicious link, we recommend resetting all online passwords and restarting your devices. However, we do not believe that the unauthorized third-party had access to any user passwords on our systems,” 2K further explains.
All those who had received malicious links were contacted by the company directly with instructions.