GTA Take-Two Editor’s Bad Week Gets Worse With Disaster Hack
September 21, 2022
Take-Two is definitely not having a good time. Next the colossal escape of the weekend GTA VIhis septimana horribilis continue with the fresh news that its 2K Games support services have been hackedand customers are now receiving phishing scams.
Posting on the official 2K Support Twitter account, 2K explained that their support platform was hacked and the invader got away with a whole bunch of customer emails. He says he “became aware that an unauthorized third party had illegally accessed the credentials of one of our vendors on the support platform that 2K uses to provide support to our customers.”
The tweeted statement continues: “The unauthorized party sent a communication to some players containing a malicious link. Please do not open any emails or click any links you receive from the 2K Games support account.” (Their emphasis.)
That’s a pretty dire deal for 2K. Usually, when a network intrusion is detected, companies are able to identify that even if email addresses have been accessed, they can reassure that passwords are salted and hashed, and that the information of credit card not consulted, etc. But here the attacker was clearly able to use 2K’s systems to contact customers from the official account, and thereby bypass any of the usual spam filters or common sense bullshit detectors a person may have in place.
G/O Media may receive a commission
$10 or more
Humble Bundle – Starlight Bundle
Benefiting the Starlight Children’s Foundation For $10 or more, you can help hospitalized children access video games and also get some fun games, including Lego Star Wars – The Complete Saga.
2K has taken their “support portal” offline while they try to figure out what happened, which isn’t very pretty, especially the week of the NBA 2K23the exit. The statement reads, “We will post a notice when you can resume interaction with official 2K Support emails,” which is…not a foolproof method. First, it makes it look like there might be a time when a previously unread phishing email could be safely clicked on, and second, it barely reaches the people who received the email, who aren’t lucky enough to have noticed the tweet (or read the media coverage).
Meanwhile, those with open tickets are being told, at the time of writing, that 2K doesn’t have “an estimate of when you’ll get a response”, with the somewhat tongue-in-cheek suggestion that they “remain listening by e-mail”.
Read more:NBA 2K23: The Kotaku Review
For those who think they may have already fallen for the phishing trap, 2K recommends users reset all passwords, enable multi-factor authentication (but avoid SMS verification!), clutter their PC with anti-virus software and “check your account settings to see if any forwarding rules have been added or changed on your personal email accounts.”
Many of the responses to the statement came from destitute customers, claiming to have lost their accounts or seen money withdrawn from their games. Many more are from people who have clicked on the links in the emails, but are unsure whether they have caused harm to their devices or their account, and are not getting clear answers.
It seems that many phishing emails are signed by “Shikhar A” and contain a link to a .zip file, claiming to be a new version of the 2K launcher. It’s a safe bet to say you don’t want to download this, if you received such an email.
We reached out to 2K to ask for more details about the attack and to ask why it took so long to send the warning, but despite the responses’ potential usefulness to their customers, we were sharply told, “We are not commenting not beyond 2K’s social media posts related to the case.