GTA Take-Two Editor’s Bad Week Gets Worse With Disaster Hack

A bearded basketball player shrugs his shoulders and looks very disturbed.

Screenshot: 2K / Kotaku

Take-Two is definitely not having a good time. Next the colossal escape of the weekend GTA VIhis septimana horribilis continue with the fresh news that its 2K Games support services have been hackedand customers are now receiving phishing scams.

Posting on the official 2K Support Twitter account, 2K explained that their support platform was hacked and the invader got away with a whole bunch of customer emails. He says he “became aware that an unauthorized third party had illegally accessed the credentials of one of our vendors on the support platform that 2K uses to provide support to our customers.”

The tweeted statement continues: “The unauthorized party sent a communication to some players containing a malicious link. Please do not open any emails or click any links you receive from the 2K Games support account.(Their emphasis.)

Warning statement from 2K Support regarding a phishing email scam, in white text on a blue background.

Chart: 2K support

That’s a pretty dire deal for 2K. Usually, when a network intrusion is detected, companies are able to identify that even if email addresses have been accessed, they can reassure that passwords are salted and hashed, and that the information of credit card not consulted, etc. But here the attacker was clearly able to use 2K’s systems to contact customers from the official account, and thereby bypass any of the usual spam filters or common sense bullshit detectors a person may have in place.

2K has taken their “support portal” offline while they try to figure out what happened, which isn’t very pretty, especially the week of the NBA 2K23the exit. The statement reads, “We will post a notice when you can resume interaction with official 2K Support emails,” which is…not a foolproof method. First, it makes it look like there might be a time when a previously unread phishing email could be safely clicked on, and second, it barely reaches the people who received the email, who aren’t lucky enough to have noticed the tweet (or read the media coverage).

Meanwhile, those with open tickets are being told, at the time of writing, that 2K doesn’t have “an estimate of when you’ll get a response”, with the somewhat tongue-in-cheek suggestion that they “remain listening by e-mail”.

Read more: NBA 2K23: The Kotaku Review

For those who think they may have already fallen for the phishing trap, 2K recommends users reset all passwords, enable multi-factor authentication (but avoid SMS verification!), clutter their PC with anti-virus software and “check your account settings to see if any forwarding rules have been added or changed on your personal email accounts.”

There’s even more reason to worry when you notice that a customer acknowledged that a probable hack had occurred ten hours before the release of the statement, but palmed off by the official account. The the original customer responded nearly nine hours before the hack was confirmed, saying, “at this point it’s very clear that you’ve been hacked on some support related stuff.. make a statement already before the damage gets too bad. “

Many of the responses to the statement came from destitute customers, claiming to have lost their accounts or seen money withdrawn from their games. Many more are from people who have clicked on the links in the emails, but are unsure whether they have caused harm to their devices or their account, and are not getting clear answers.

It seems that many phishing emails are signed by “Shikhar A” and contain a link to a .zip file, claiming to be a new version of the 2K launcher. It’s a safe bet to say you don’t want to download this, if you received such an email.

We reached out to 2K to ask for more details about the attack and to ask why it took so long to send the warning, but despite the responses’ potential usefulness to their customers, we were sharply told, “We are not commenting not beyond 2K’s social media posts related to the case.