American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links.
“Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” 2K’s support account tweeted on Tuesday after BleepingComputer broke the story on the security breach.
“The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account.”
The company advised those who might have clicked one of the malicious links sent by the attackers to take steps to mitigate the potential impact immediately:
- Reset any user account passwords stored in your web browser (e.g., Chrome AutoFill)
- Enable multi-factor authentication (MFA) whenever available, especially on personal email, banking, and phone or Internet provider accounts. If possible, avoid using MFA that relies on text message verification – using an authenticator app would be the most secure method
- Install and run a reputable anti-virus program
- Check your account settings to see if any forwarding rules have been added or changed on your personal email accounts
2K added that its support portal was taken offline earlier while the video game publisher investigates and addresses the incident’s fallout.
The company said it would issue a notice to let players know when it will be safe to start interacting with its support staff again.
