• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

2K Games Hacked

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
2,859 (0.46/day)
I just got the following e-mail from 2K Games:

We are contacting you to let you know that an unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale. We want to emphasize at the outset that keeping personal data safe and secure is very important to us, and we deeply regret that this has happened.

WHAT HAPPENED
On 19 September 2022, we learned that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.

Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.

We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.

WHAT WE ARE DOING
Upon discovering the incident, we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address the issue. This included taking the support portal offline while we investigated further and contained the incident. We already contacted all those sent malicious links and have been reporting the incident to appropriate data protection authorities. We also remain in communication with the appropriate law enforcement agencies.

WHAT YOU CAN DO
While our support portal is now back online and you can now contact it as normal, we recommend that you look out for suspicious activity across your accounts and be vigilant for unauthorized third parties trying to leverage the incident to harm you. In particular:

* Look out for scammers. 2K personnel will never ask you for your password or other personal information.
* Never click suspicious links. For example, links to websites that you do not recognize or did not expect to receive.
* Enable multi-factor authentication (MFA) whenever available. If possible, avoid using MFA that relies on text message verification – using an authenticator app is a more secure method.
* Install and run a reputable anti-virus program. This can help protect your device and data.

MORE INFORMATION
We continue to appreciate the support and understanding from our player communities and deeply apologize for any inconvenience and disruption that this matter may have caused. For more information and FAQs, please visit https://2k.com/playerinfo or reach us by visiting this link on our support site and selecting "Email Notification October 6th" from the dropdown menu.
 

64K

Joined
Mar 13, 2014
Messages
5,587 (1.75/day)
Processor i7 7700k
Motherboard MSI Z270 SLI Plus
Cooling CM Hyper 212 EVO
Memory 2 x 8 GB Corsair Vengeance
Video Card(s) MSI RTX 2070 Super
Storage Samsung 850 EVO 250 GB and WD Black 4TB
Display(s) Dell 27 inch 1440p 144 Hz
Case Corsair Obsidian 750D Airflow Edition
Audio Device(s) Onboard
Power Supply EVGA SuperNova 850 W Gold
Mouse Logitech G502
Keyboard Logitech G105
Software Windows 10
Hackers are such pests.
 
Joined
Apr 6, 2021
Messages
589 (0.97/day)
Location
Bavaria ⌬ Germany
System Name ✨ Lenovo M700 [Tiny]
Cooling ⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO²
Audio Device(s) ◐◑ AKG K702 ⌬ FiiO E10K Olympus 2
Mouse ✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura
Keyboard ⌨ Turtle Beach Impact 500
WHAT HAPPENED
On 19 September 2022, we learned that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.

Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.

We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.

So they stole tons of personal data & selling them on the dark net to scam you. o_O Now that's just wonderful!

We are contacting you to let you know that an unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale. We want to emphasize at the outset that keeping personal data safe and secure is very important to us, and we deeply regret that this has happened.

Now that's a bold lie, otherwise it wouldn't have happened. :shadedshu: They cut corners on security and because of that your data is now in thugs hands.
It's just crazy that even today a company which's whole business is "digital" doesn't care about security. Like WTF?!?

Btw. this hack was the one that involved the "Grand Theft Auto 6" leak: Rockstar Games Statement on Grand Theft Footage


A guy made already a video about it. Can't wait for YongYea's take on it, lol. :D He'll be raving when he wakes up.


So if you haven't set up 2FA protection for your accounts (Rockstar, eMail, PSN, Microsoft, etc.) better get on it now!
 
Last edited:
Joined
Dec 14, 2013
Messages
2,364 (0.72/day)
Location
Alabama
Processor Ryzen 2700X
Motherboard X470 Tachi Ultimate
Cooling Scythe Big Shuriken 3
Memory C.R.S.
Video Card(s) Radeon VII
Software Win 7
Benchmark Scores Never high enough
This is becoming a "Thing" to see and hear about these days.
Good thing for me is I don't have any "Gaming" accounts to even worry about since I do not, never have and will not ever use an online gaming service in whole or in part.

All this hackery reminds me of the thing my last employer had as a "Benefit" in that they wanted us to use one of these online "Personal Info" security services like "LifeLock" as an example for our personal data.
They were insisting so much on us using it you actually had to sign a waiver for it NOT to be done every year and that's exactly what I did every year.
I would sign the waiver saying "Don't do it" and not worry about it until the next time to do it came around.

Not very long after I had left the company (Retired/Disabled), the very same service got hacked and shitload of personal data was stolen, including from employees where I was at.....
But not mine since it was never in their database in the first place as intended by me. :D

Best protection you can have is for your info to not be "Out there" period but that's not really 100% possible anymore is it?
No.
I get that but at the same time minimizing what's out there CAN help, like it did in my case.
 
Joined
Apr 12, 2013
Messages
5,428 (1.54/day)
I guess having 2FA security helps, especially wrt financial instruments like cards, credit or debit, & wire transfer or net-banking as it's called here!
 
Joined
Nov 24, 2018
Messages
1,903 (1.30/day)
Location
south wales uk
System Name 1. The Devils Dialysis VR rig 2. intel teliscope rig 3.MSI GP72MVR Leopard Pro .
Processor 1.3900x @stock 2. i7 7700k @5. 3. i7 7700hq
Motherboard 1.aorus x570 ultra 2. z270 Maximus IX Hero
Cooling 1.Hard tube loop, cpu and gpu 2. Hard loop cpu and gpu
Memory 1.hyperx preditor @3600 16gb 2.vengence 32gb @3000 3. 16gb hyperx @2400
Video Card(s) 1.Aorus Xtreme RTX2080 Waterforce 2. MSI 1080 8gb with EKWB 3. 1060 3gb.
Storage 1 M.2 500gb , 2 3tb HDs 2. 256gb ssd, 3tbHD 3. 256 m.2. 1tb ssd
Display(s) 1.LG 50" UHD , oculus rift S.2 MSI Optix MAG342C UWHD. SONY bravia 1080p, . 3.17" 120 hz display
Case 1. Thermaltake P5 2. Thermaltake P3
Audio Device(s) 1 Onboard 2 Onboard 3 Onboard
Power Supply 1.seasonic gx 850w 2. seasonic gx 750w
Mouse 1 ROG Gladius 2 Corsair m65 pro
Keyboard 1. ROG Strix Flare 2. Corsair F75 RBG 3. steelseries RBG
VR HMD rift and rift S and Quest 2.
Software 1. win10 pro 2. win10 pro 3, win10 home
Benchmark Scores 1.7821 cb20 ,cb15 3442 1c 204 cpu-z 1c 539 12c 8847 2. 1106 cb 3.cb 970
where do we apply for compo :) .
 

INSTG8R

Vanguard Beta Tester
Joined
Nov 26, 2004
Messages
7,646 (1.16/day)
Location
Canuck in Norway
System Name Hellbox 5.1(same case new guts)
Processor Ryzen 7 5800X3D
Motherboard MSI X570S MAG Torpedo Max
Cooling TT Kandalf L.C.S.(Water/Air)EK Velocity CPU Block/Noctua EK Quantum DDC Pump/Res
Memory 2x16GB Gskill Trident Neo Z 3600 CL16
Video Card(s) Sapphire 6700XT Nitro+
Storage 970 Evo Plus 500GB 2xSamsung 850 Evo 500GB RAID 0 1TB WD Blue Corsair MP600 Core 2TB
Display(s) Alienware OLED 34” 3440x1440 175Hz
Case TT Kandalf L.C.S.
Audio Device(s) Soundblaster ZX/Logitech Z906 5.1
Power Supply Seasonic TX~’850 Platinum
Mouse G502 Proteus Spectrum
Keyboard G19s
VR HMD Oculus Quest 2
Software Win 10 Pro x64
While I did of course change my password(turns out it was a pretty old and weak one anyway)2K still doesn't offer any kind of 2FA...I don't mind having accounts across the internet but most of them weak password or not all have 2FA on so if any of them have attempts made at trying to breach them I at least get a 2FA notification however that might be and can check the status of said account after using 2FA....

I guess having 2FA security helps, especially wrt financial instruments like cards, credit or debit, & wire transfer or net-banking as it's called here!
I literally can't do much of anything without having my phone nearby because any and all purchases and most say government sign ins requires a 2FA system than pretty much everyone has and is required to use. They used to use code bricks(apparently you still can)But when mine died I made the switch to "BankID" as it's called here and even the current method of using your phone number/challenge word/PIN method is being phased out for a OTP system which when I have used it so far is much more efficient yet any government type site I've logged into recently is still using the old "Mobile" system...
 

bug

Joined
May 22, 2015
Messages
10,957 (3.98/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
While I did of course change my password(turns out it was a pretty old and weak one anyway)2K still doesn't offer any kind of 2FA...I don't mind having accounts across the internet but most of them weak password or not all have 2FA on so if any of them have attempts made at trying to breach them I at least get a 2FA notification however that might be and can check the status of said account after using 2FA....
2FA wouldn't have helped, the hack happened at a partner that had access to 2K customer data.
 

INSTG8R

Vanguard Beta Tester
Joined
Nov 26, 2004
Messages
7,646 (1.16/day)
Location
Canuck in Norway
System Name Hellbox 5.1(same case new guts)
Processor Ryzen 7 5800X3D
Motherboard MSI X570S MAG Torpedo Max
Cooling TT Kandalf L.C.S.(Water/Air)EK Velocity CPU Block/Noctua EK Quantum DDC Pump/Res
Memory 2x16GB Gskill Trident Neo Z 3600 CL16
Video Card(s) Sapphire 6700XT Nitro+
Storage 970 Evo Plus 500GB 2xSamsung 850 Evo 500GB RAID 0 1TB WD Blue Corsair MP600 Core 2TB
Display(s) Alienware OLED 34” 3440x1440 175Hz
Case TT Kandalf L.C.S.
Audio Device(s) Soundblaster ZX/Logitech Z906 5.1
Power Supply Seasonic TX~’850 Platinum
Mouse G502 Proteus Spectrum
Keyboard G19s
VR HMD Oculus Quest 2
Software Win 10 Pro x64
2FA wouldn't have helped, the hack happened at a partner that had access to 2K customer data.
Still doesn't change the fact they don't offer 2FA and when I logged into my account to change my password I was "informed" my Profile was only 75% complete because I hadn't linked a Social Media account...
Yeah as IF...
 

bug

Joined
May 22, 2015
Messages
10,957 (3.98/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Why, don't you have OTP (based 2FA) over there? How would they gain access to that?
Over where? Partners usually integrate using B2B solutions, they need programmatic access to the data. 2FA doesn't work there.
 
Joined
Aug 29, 2005
Messages
6,438 (1.02/day)
Location
Whatever my internet protocol shows I guess O.o
System Name Lynni The Dark Hero
Processor AMD Ryzen 7 5800X3D (Not sure what to do :/)
Motherboard Asus ROG Crosshair VIII Dark Hero Bios 4201
Cooling Noctua NH-D15 Chromax.Black (Only middle fan)
Memory Geil Dragon 4x8GB@3000mhz 16-17-17-35 T1 (GWW416GB3000C15DC)
Video Card(s) PowerColor RX 6800 XT Red Devil 2400/2000MHz@1.050V | Sapphire Radeon RX 590 Nitro+ Special Edition
Storage OS/Games:Gigabyte M30 1TB|Sabrent Rocket 2TB|Data: 850EVO 1TB, 1xExos 16TB 1, 1xWD 10TB & WD 1TB
Display(s) LG UltraGear 27GP850-B 1440p@165Hz | LG 55UK6100PLB IPS 4K HDR | LG 48CX OLED 4K HDR
Case Fractal Design Meshify 2 Tempered Glass White/Black
Audio Device(s) Steelseries Arctis Pro Wireless
Power Supply Seasonic Prime 1200 watt 80Plus Platinum (Backup Seasonic Focus PX 750W Platinum)
Mouse Logitech G305 Lightspeedy Wireless
Keyboard Razer Blackwidow Chroma X UK
Software Win11 Pro 22H2 UK (Build 22000.832)
Benchmark Scores Not benchmarking anymore only Gaming. GPU-Z: https://www.techpowerup.com/gpuz/details/3dq6f
Hackers are such pests.
This is also why public security like in Denmark with EasyID and YourID (Translated names) are used but is also a hassle for older and people with electronic problems in general.

The rest of the world has to adapt because groups of people (hackers and such) makes life harder for the normal person because we have to try to be secured in a digital world.

I do miss the late 80's and 90's I felt life was easier then now even I didn't experience a lot of the 80's had to be born :banghead:

Being a pre-2000 ain't always easy and the younger generation got be feeling old from time to time.

But 2FA is a start but not a complete solution it can still be hacked and a lot of companies using 2FA cannot even deactivate/reactivate an account with it enable without doing a user data wipe so it's far from perfect but I guess we have to start some where.
 
Joined
Apr 12, 2013
Messages
5,428 (1.54/day)
Over where? Partners usually integrate using B2B solutions, they need programmatic access to the data. 2FA doesn't work there.
Generally true but at least with the way things are implemented here without an OTP or other form of authentication you can't pay, or get charged, for products or services. There are other services which have an additional layer, 3FA if you will but they're generally for really high value transactions like MF or (stock) trading.

For personal details you're right it's a bit of an issue & that's something we can't run away from, unless the ones handling our data get penalized for such hacks!
 
Joined
Jun 16, 2013
Messages
1,368 (0.40/day)
Location
Australia
System Name Current gaming rig + others...
Processor Core i7-11700K@8x50x, 43x ringbus / FX-8350@4.5GHz turbo / Phenom II X6 1055T@stock
Motherboard MSI Z590 Unify / Asus Sabertooth 990FX R2.0 / Asrock 890GM Pro3 R2.0
Cooling Cryorig R1 Ultimate+2xCorsair ML140 / Gigabyte MA620P / Thermaltake NiC F4
Memory 32GB kit NeoForza@4600 CL19 / G.Skill F3-2133C11Q-16GAO / 8GB kit Patriot viper7@2000Mhz
Video Card(s) RX 6800 XT / R9 Nano / 2 x HD7870 GHz edition
Storage 2x Kingston KC3000 1TB / Samsung 850 Pro 250GB / WD Blue 250GB SSD
Display(s) Samsung 32" Odyssey G5 / Numerous Philips 27 + 28" LCD panels...
Case Nanoxia Deep Silence 5 Rev.B / Lots of nice cheap cases!
Audio Device(s) Asus Xonar AE 7.1+Razer Tiamat 7.1/, Onboard for the rest of them...
Power Supply Corsair RM1000x V2 /Corsair RM750x V2 / Silverstone SST-ST55F-G
Mouse MSI Interceptor DS300 + Lots of optical mice!
Keyboard Razer Blackwidow Ultimate Stealth /steelseries 6G V2
Software Win10 x64 x 3
This is becoming a "Thing" to see and hear about these days.
Good thing for me is I don't have any "Gaming" accounts to even worry about since I do not, never have and will not ever use an online gaming service in whole or in part.

All this hackery reminds me of the thing my last employer had as a "Benefit" in that they wanted us to use one of these online "Personal Info" security services like "LifeLock" as an example for our personal data.
They were insisting so much on us using it you actually had to sign a waiver for it NOT to be done every year and that's exactly what I did every year.
I would sign the waiver saying "Don't do it" and not worry about it until the next time to do it came around.

Not very long after I had left the company (Retired/Disabled), the very same service got hacked and shitload of personal data was stolen, including from employees where I was at.....
But not mine since it was never in their database in the first place as intended by me. :D

Best protection you can have is for your info to not be "Out there" period but that's not really 100% possible anymore is it?
No.
I get that but at the same time minimizing what's out there CAN help, like it did in my case.
Great post! but you don't even have a steam account?
 
Joined
Dec 14, 2013
Messages
2,364 (0.72/day)
Location
Alabama
Processor Ryzen 2700X
Motherboard X470 Tachi Ultimate
Cooling Scythe Big Shuriken 3
Memory C.R.S.
Video Card(s) Radeon VII
Software Win 7
Benchmark Scores Never high enough
Top