The American game publisher 2K Games reports that after the September hack of the company’s technical support, some of the user data fell into the hands of hackers. Currently, the attackers are already selling data on the dark web, claiming that the dump contains more than 4 million lines and information about all users who contacted 2K Games support by mail.
Let me remind you that in mid-September, 2K Games, which is the publisher of many popular game franchises (including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, Bioshock, Civilization and Xcom), suffered from a hacker attack. Then the compromised support of the company began sending out tickets to players containing links to the RedLine malware, designed to steal information.
The company reported that “an unauthorized third party illegally gained access to the credentials of the service desk platform from one of the vendors.” All users who managed to follow the malicious links of the scammers were advised to urgently reset all account passwords stored in the browser, enable multi-factor authentication, install antivirus software, and check if any strange redirects appeared in the mail.
As it turned out now, this attack was not limited to just mailing the RedLine stealer. Now 2K Games warns that during the compromise of the support service, hackers managed to steal user data, and phishers have already targeted the victims.
“After further investigation, we have discovered that an unauthorized third party has accessed and copied some of the personal data that we record when you contact us for support: name provided when contacting us, email address, support identification number, gamertag and information about the console, the company explains. “There is no indication that any financial information or passwords stored on our systems have been compromised.”
Although the passwords were not stolen, the company still recommends that users change their passwords, as well as enable multi-factor authentication.
The fact that there was no password leak is confirmed by the attackers themselves, who have already put the stolen data up for sale. According to the description of the dump, which is published on the hacker forum, it contains 4 million lines and is “2K Games support database, which includes ID, username, email address, zendesk_email, real_name, platform information.”
