Video Game Publisher Admits Helpdesk Was Hijacked

US video game publisher 2K has warned players of its titles not to click on links sent out by its help desk recently, as they are likely to be malicious.

The firm, which is a subsidiary of Take-Two Interactive, released a brief statement on Twitter overnight.

“Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the message read.

“The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account.”

The firm urged any users who have already clicked on one of these malicious links to:

  • Reset account passwords stored in their browser
  • Enable multi-factor authentication (MFA) on all sensitive accounts like email and online banking, preferably via an authentication app rather than text message
  • Install and run anti-virus from a reputable vendor
  • Check account settings to see if any forwarding rules have been added on email accounts

The 2K Games support function is now offline while the firm investigates, and will remain so until the firm makes an announcement to the contrary.

The malware in question is reportedly designed to steal information from victims, including their passwords.

The incident comes just days after an alleged member of the infamous extortion group Lapsus$ compromised sister company Rockstar Games, stealing and publishing in-development footage of Grand Theft Auto 6.

There have also been suggestions that the same actor may have been responsible for the recent Uber breach which saw the ride-hailing giant’s IT systems compromised.

One 2K Games customer responded angrily to the new post, claiming that they informed the company about the compromise 10 hours before it finally notified all users.

What’s Hot on Infosecurity Magazine?