2K Games Hacked

[Regeneration]

I just got the following e-mail from 2K Games:

We are contacting you to let you know that an unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale. We want to emphasize at the outset that keeping personal data safe and secure is very important to us, and we deeply regret that this has happened.

WHAT HAPPENED
On 19 September 2022, we learned that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.

Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.

We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.

WHAT WE ARE DOING
Upon discovering the incident, we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address the issue. This included taking the support portal offline while we investigated further and contained the incident. We already contacted all those sent malicious links and have been reporting the incident to appropriate data protection authorities. We also remain in communication with the appropriate law enforcement agencies.

WHAT YOU CAN DO
While our support portal is now back online and you can now contact it as normal, we recommend that you look out for suspicious activity across your accounts and be vigilant for unauthorized third parties trying to leverage the incident to harm you. In particular:

* Look out for scammers. 2K personnel will never ask you for your password or other personal information.
* Never click suspicious links. For example, links to websites that you do not recognize or did not expect to receive.
* Enable multi-factor authentication (MFA) whenever available. If possible, avoid using MFA that relies on text message verification – using an authenticator app is a more secure method.
* Install and run a reputable anti-virus program. This can help protect your device and data.

MORE INFORMATION
We continue to appreciate the support and understanding from our player communities and deeply apologize for any inconvenience and disruption that this matter may have caused. For more information and FAQs, please visit https://2k.com/playerinfo or reach us by visiting this link on our support site and selecting "Email Notification October 6th" from the dropdown menu.

 

[64K]

Hackers are such pests.

 

[MarsM4N]

WHAT HAPPENED
On 19 September 2022, we learned that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers.

Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.

We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.

So they stole tons of personal data & selling them on the dark net to scam you. Now that's just wonderful!

We are contacting you to let you know that an unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale. We want to emphasize at the outset that keeping personal data safe and secure is very important to us, and we deeply regret that this has happened.

Now that's a bold lie, otherwise it wouldn't have happened. They cut corners on security and because of that your data is now in thugs hands.
It's just crazy that even today a company which's whole business is "digital" doesn't care about security. Like WTF?!?

Btw. this hack was the one that involved the "Grand Theft Auto 6" leak: Rockstar Games Statement on Grand Theft Footage


A guy made already a video about it. Can't wait for YongYea's take on it, lol. He'll be raving when he wakes up.

So if you haven't set up 2FA protection for your accounts (Rockstar, eMail, PSN, Microsoft, etc.) better get on it now!

 

[Bones]

This is becoming a "Thing" to see and hear about these days.
Good thing for me is I don't have any "Gaming" accounts to even worry about since I do not, never have and will not ever use an online gaming service in whole or in part.

All this hackery reminds me of the thing my last employer had as a "Benefit" in that they wanted us to use one of these online "Personal Info" security services like "LifeLock" as an example for our personal data.
They were insisting so much on us using it you actually had to sign a waiver for it NOT to be done every year and that's exactly what I did every year.
I would sign the waiver saying "Don't do it" and not worry about it until the next time to do it came around.

Not very long after I had left the company (Retired/Disabled), the very same service got hacked and shitload of personal data was stolen, including from employees where I was at.....
But not mine since it was never in their database in the first place as intended by me.

Best protection you can have is for your info to not be "Out there" period but that's not really 100% possible anymore is it?
No.
I get that but at the same time minimizing what's out there CAN help, like it did in my case.

 

[R0H1T]

I guess having 2FA security helps, especially wrt financial instruments like cards, credit or debit, & wire transfer or net-banking as it's called here!

 

[xtreemchaos]

where do we apply for compo .

 

[INSTG8R]

While I did of course change my password(turns out it was a pretty old and weak one anyway)2K still doesn't offer any kind of 2FA...I don't mind having accounts across the internet but most of them weak password or not all have 2FA on so if any of them have attempts made at trying to breach them I at least get a 2FA notification however that might be and can check the status of said account after using 2FA....

I guess having 2FA security helps, especially wrt financial instruments like cards, credit or debit, & wire transfer or net-banking as it's called here!

I literally can't do much of anything without having my phone nearby because any and all purchases and most say government sign ins requires a 2FA system than pretty much everyone has and is required to use. They used to use code bricks(apparently you still can)But when mine died I made the switch to "BankID" as it's called here and even the current method of using your phone number/challenge word/PIN method is being phased out for a OTP system which when I have used it so far is much more efficient yet any government type site I've logged into recently is still using the old "Mobile" system...

 

[bug]

While I did of course change my password(turns out it was a pretty old and weak one anyway)2K still doesn't offer any kind of 2FA...I don't mind having accounts across the internet but most of them weak password or not all have 2FA on so if any of them have attempts made at trying to breach them I at least get a 2FA notification however that might be and can check the status of said account after using 2FA....

2FA wouldn't have helped, the hack happened at a partner that had access to 2K customer data.

 

[INSTG8R]

2FA wouldn't have helped, the hack happened at a partner that had access to 2K customer data.

Still doesn't change the fact they don't offer 2FA and when I logged into my account to change my password I was "informed" my Profile was only 75% complete because I hadn't linked a Social Media account...
Yeah as IF...

 

[R0H1T]

2FA wouldn't have helped, the hack happened at a partner that had access to 2K customer data.

Why, don't you have OTP (based 2FA) over there? How would they gain access to that?

 

[bug]

Why, don't you have OTP (based 2FA) over there? How would they gain access to that?

Over where? Partners usually integrate using B2B solutions, they need programmatic access to the data. 2FA doesn't work there.

 

[Shou Miko]

Hackers are such pests.

This is also why public security like in Denmark with EasyID and YourID (Translated names) are used but is also a hassle for older and people with electronic problems in general.

The rest of the world has to adapt because groups of people (hackers and such) makes life harder for the normal person because we have to try to be secured in a digital world.

I do miss the late 80's and 90's I felt life was easier then now even I didn't experience a lot of the 80's had to be born

Being a pre-2000 ain't always easy and the younger generation got be feeling old from time to time.

But 2FA is a start but not a complete solution it can still be hacked and a lot of companies using 2FA cannot even deactivate/reactivate an account with it enable without doing a user data wipe so it's far from perfect but I guess we have to start some where.

 

[R0H1T]

Over where? Partners usually integrate using B2B solutions, they need programmatic access to the data. 2FA doesn't work there.

Generally true but at least with the way things are implemented here without an OTP or other form of authentication you can't pay, or get charged, for products or services. There are other services which have an additional layer, 3FA if you will but they're generally for really high value transactions like MF or (stock) trading.

For personal details you're right it's a bit of an issue & that's something we can't run away from, unless the ones handling our data get penalized for such hacks!

 

[AlwaysHope]

This is becoming a "Thing" to see and hear about these days.
Good thing for me is I don't have any "Gaming" accounts to even worry about since I do not, never have and will not ever use an online gaming service in whole or in part.

All this hackery reminds me of the thing my last employer had as a "Benefit" in that they wanted us to use one of these online "Personal Info" security services like "LifeLock" as an example for our personal data.
They were insisting so much on us using it you actually had to sign a waiver for it NOT to be done every year and that's exactly what I did every year.
I would sign the waiver saying "Don't do it" and not worry about it until the next time to do it came around.

Not very long after I had left the company (Retired/Disabled), the very same service got hacked and shitload of personal data was stolen, including from employees where I was at.....
But not mine since it was never in their database in the first place as intended by me.

Best protection you can have is for your info to not be "Out there" period but that's not really 100% possible anymore is it?
No.
I get that but at the same time minimizing what's out there CAN help, like it did in my case.

Great post! but you don't even have a steam account?

 

[Bones]

Great post! but you don't even have a steam account?

Nope.
Don't have one, don't want it.