Video game publisher 2K emailed users on Thursday to warn that some of their personal info was stolen and put up for sale online following a September 19 security breach.
2K confirmed on September 20 that its help desk platform was hacked and used by the attackers to target customers using fake support tickets that pushed RedLine Stealer malware via embedded links.
The game publisher took down its support portal to investigate the breach and address the incident’s fallout. It also advised those who received the emails and clicked the links to reset their browser-stored passwords and check their accounts for suspicious activity.
On Thursday, 2K warned users that some of their data was stolen from its helpdesk portal and confirmed the phishing attacks that abused its support platform.
“Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details,” 2K said.
“There is no indication that any of your financial information or password(s) held on our systems were compromised.”
Fake 2K support tickets with RedLine stealer download links (Reddit)
No user credentials stolen following the breach
2K also told users that it found no evidence the attackers were able to steal account credentials and advised them to reset their passwords to ensure their accounts were safe.
“At this time, we have no evidence any 2K account passwords were compromised or included in this unauthorized posting, nor has the unauthorized third party claimed to have obtained any passwords,” the company added in a support document.
“However, out of an abundance of caution, we encourage all of our players to secure their accounts by resetting passwords and enabling multi-factor authentication if they have not already done so.”
This was also confirmed by the threat actor, who is now selling the data on a hacker forum as a 2K support database bundle containing more than 4 million records.
“This is a database of the 2K Games Support it includes id, username, email, zendesk_email, real_name, platform. It includes 4 Million+ lines of everyone who has sent a support email to 2k,” the threat actor says.
2K user data for sale on a hacking forum (BleepingComputer)
What to do if you were targeted during the breach
While 2K told users its help portal is now back online, it also warned them to remain vigilant and keep an eye out for any suspicious activity across their accounts.
Customers were told never to click suspicious links in messages they didn’t expect to receive and to enable multi-factor authentication (MFA) whenever available (e.g., personal email, banking, and phone or Internet provider accounts).
Those who clicked the malicious links sent via 2K’s helpdesk system were warned that the malware might have stolen their credentials and were advised to reset all their passwords and install anti-malware software.
This aligns with RedLine Stealer’s known capabilities, since the info-stealer can harvest a wide range of data after infecting victims’ systems, including saved browser passwords, credit cards, VPN credentials, cookies, instant messages, cryptocurrency wallets, and more.
Users who have received one of the malicious emails and haven’t clicked any of the embedded links are not at risk and should delete the emails from their inboxes.