Thursday, December 8

2K Customer Data Stolen, Sold Online After Support Desk Scam

Image for article titled 2K Customer Data Was Stolen, Sold Online After Support Desk Scam

Screenshot: NBA 2K23

Back in September, 2K suffered a data breach when hackers were somehow able to gain access to the company’s support desk, and in doing so impersonate official channels in order to get hold of people’s data. At the time the company wasn’t sure what, exactly, had been stolen, but it does now.

Via VGC, an email was finally sent to those affected last week, saying that while there was “no indication that any of your financial information or password(s) held on our systems were compromised”, the thieves were able to get hold of “some personal data that was recorded about you when you contacted us for support, including your email address, helpdesk ID number, gamertag, and console details”.

That data was subsequently put up for sale online, so 2K is urging everyone receiving the October 6 email from them to do the standard stuff like resetting passwords and keeping an eye on their accounts for any suspicious activity. Incredibly, though, 2K’s correspondence also contains the following assurance:

Should I trust emails from 2K?

Yes, our emails are once again secure. However, we still recommend remaining vigilant around online communications across all platforms.

That didn’t help with this hack! This wasn’t a case of hackers impersonating 2K’s support desk, they actually got hold of the keys to it and sent malicious links to people from the official email, so “remaining vigilant” wouldn’t have been much help!

Anyone who received malicious emails from the account and then clicked on the included links was likely exposed to some malware, which 2K says could be mostly nullified by…restarting your computer.

Based on additional investigative work and testing from our team, we believe power off and powering on your device will provide additional protection from the malware.

If you were affected, or just want to read through 2K’s response, you can see the full notice here.



Source link