Game developer 2K hacked days after Rockstar hack and GTA6 leak
2K, a game developer owned by Take-Two Interactive Software Inc., has been hacked days after Rockstar Games Inc., another division of Take-Two, was also hacked, and footage from the upcoming “Grand Theft Auto 6” game was leaked online.
The hack of 2K, which publishes games such as “Borderlands,” “Civilization” and “Bioshock,” involved an unauthorized third party gaining access to the credentials of a vendor of the help desk platform used by the company. According to a warning published Tuesday by 2K, the unauthorized party “sent a communication to certain players containing a malicious link.”
All players who received the malicious link and clicked on it are advised to reset user account passwords stored in their browsers and enable two-factor authentication where possible – while avoiding 2FA with text message verification. Players are also advised to install and run a reputable antivirus program and check their account settings to see if any forwarding rules have been added to their email accounts.
The compromise may be ongoing, with 2K saying its support portal will “remain offline while we resolve this issue” and that it will notify players when support is available again.
Although 2K did not name the vendor, the company specifically uses Zendesk Inc. for its support portal. It is unknown if a Zendesk account was compromised or if the account belongs to another third-party provider used by 2K, which also had access to the Zendesk-powered support portal.
Bleeping Computer reported Tuesday that the messages received by 2K users came from a fake 2K support representative named “Prince K.” The messages included an attached file called “2K Launcher.zip” hosted directly on 2ksupport.zendesk.com, which pretended to be a new game launcher. The zip file contained an unsigned file called “2k Launcher.exe” which included RedLine Stealer, an inexpensive password stealer sold on underground forums.
“The depth of the 2K Games breach is another cautionary tale about supply chain security,” David Maynor, senior director of threat intelligence at cybersecurity training company Cybrary Inc., told SiliconANGLE. “This compromise allowed the attackers to send official email and host malware directly on their help desk server.”
Maynor added that the scale of the attack seemed limited only by the attackers’ imaginations. “2K Games just released ‘NBA 2K23,’ a popular basketball franchise that brought extra scrutiny to the 2K Games support platform,” he said.
Surja Chatterjea, head of product and alliances at enterprise cybersecurity solutions provider Skybox Security Inc., described the RedLine Stealer malware as a “highly sophisticated but low-cost info stealer” that is notorious in the malware-as-a-service economy for its widespread impact.
“Earlier this year, there were reports of RedLine Stealer being installed on the computers of unsuspecting victims via an Internet Explorer vulnerability on outdated browsers,” Chatterjea explained, adding that “companies need to address vulnerability risks before threat actors can exploit them.”