Hackers have really been targeting the gaming industry this week — and seem to have focused on companies linked to Take-Two Interactive.
On Tuesday, game publisher 2K Games notified the public that an “unauthorized third party” had compromised its help desk platform and used it to send malicious links to customers. The disclosure came just one day after Rockstar confirmed that development footage from GTA VI was stolen and leaked by a hacker who had broken into its network and downloaded confidential data.
There’s no sign (yet) that the 2K hack is linked to the earlier breach of Rockstar, but both Rockstar and 2K are owned by Take-Two Interactive, making it an especially damaging week for the parent company’s security record.
2K Games is the publisher of a number of popular franchises across the sports, shooter, and action genres, including Borderlands, BioShock, Civilization, and the NBA 2K and WWE 2K series. Collectively, these games have sold hundreds of millions of units: the NBA 2K franchise alone had sold 112 million copies as of 2021. With this huge base of players, it’s a big deal when one of the company’s trusted information channels — in this case, the support desk, operated through Zendesk — is compromised.
According to reports from BleepingComputer, on Tuesday, a number of 2K customers received emails referencing Zendesk support tickets they had not created. Attached to the emails were zip files containing executable programs labeled as a new launcher for 2K games — but that actually contained information-stealing malware known as RedLine.
The RedLine malware that was sent to customers is commonly sold on the dark web and is able to locate and transmit a wide range of sensitive data, such as saved browser passwords, email account login details, cryptocurrency wallet information, credit card information, and more. In April, research from Bitdefender identified over 10,000 attacks using RedLine — likely only a fraction of the number that take place on a monthly basis.
So far, 2K has not provided additional information about the number of customers that might have been affected. The company’s Twitter account had not posted any further updates as of Wednesday morning, and the company did not respond to questions from The Verge by time of publication.
Per details shared in the initial tweet, the support desk will remain offline while the company addresses the situation. Any customers who had interacted with the malicious links were advised to install and run an antivirus program, monitor their email accounts for unauthorized changes, and reset any passwords stored in the browser — a task that could prove difficult and time-consuming for anyone affected.
“We deeply apologize for any inconvenience and disruption this matter may cause,” the Twitter statement said.