The hacker used the help desk to circulate email links that contained password-stealing spyware
This week, hackers have been focusing on the game industry, namely companies associated with Take-Two Interactive.
On Tuesday, 2K Games announced that an “unauthorized third party” had infiltrated their help desk infrastructure and exploited it to deliver harmful links to users. The announcement was made just one day after Rockstar acknowledged that GTA VI development videos had been stolen and published by a hacker who had hacked into its network and acquired private material.
There’s no evidence (yet) that the 2K breach is related to the earlier Rockstar breach. However, both Rockstar and 2K are owned by Take-Two Interactive, making this a very bad week for the parent company’s security record.
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY
— 2K Support (@2KSupport) September 20, 2022
2K Games is the publisher of several popular sports, shooter, and action titles, including BioShock, Borderlands, Civilization, as well as the NBA 2K and WWE 2K series. These games have collectively sold hundreds of millions of units, with the NBA 2K series alone exceeding 112 million copies as of 2021. With such a large player base, it’s a major concern when one of a company’s trusted information sources — in this case, the Zendesk-powered support desk — gets compromised.
According to Bleeping Computer, a number of 2K clients received emails on Tuesday mentioning Zendesk support tickets that they had not filed. Zip files containing executable applications described as a new launcher for 2K games were attached to the emails, but they actually included data-stealing malware known as RedLine.
The RedLine malware distributed to clients is widely available on the deep web and is capable of locating and transmitting a wide range of personal data, including saved browser credentials, email account login information, cryptocurrency wallet data, credit card details and more. Bitdefender research revealed over 10,000 RedLine attacks in April, which is likely just a portion of those that occur on a monthly basis.
2K has not yet released any additional details regarding the number of clients that may have been affected. As of Wednesday morning, the company’s Twitter account had not released any new information.
According to the original tweet, the support desk will be unavailable while the corporation addresses the matter. Customers who clicked on the malicious links were told to install and run an antivirus product, monitor their email accounts for unauthorized changes, and reset any browser passwords – a job that may be tricky and time-consuming for anyone affected.
“We deeply apologize for any inconvenience and disruption this matter may cause,” Twitter said in a statement.