TeqGo.com
No Result
View All Result
No Result
View All Result
TeqGo.com
No Result
View All Result
Home Computer

2K warns users their info has been stolen following breach of its help desk

Staff by Staff
October 11, 2022
in Computer
0
2K warns users their info has been stolen following breach of its help desk
466
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Game company 2K on Thursday warned users to remain on the lookout for suspicious activity across their accounts following a breach last month that allowed a threat actor to obtain email addresses, names, and other sensitive information provided to 2K’s support team.

The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor 2K uses to run its help desk platform. 2K warned users a day later that the threat actor used unauthorized access to send some users emails that contained malicious links. The company warned users not to open any emails sent by its online support address or click on any links in them. If users already clicked on links, 2K urged them to change all passwords stored in their browsers.

On Thursday, after an outside party completed a forensic investigation, 2K sent an unknown number of users an email warning them that the threat actor was able to obtain some of the personal information they supplied to help desk personnel. The email stated:

Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support: the name given when contacting us, email address, helpdesk identification number, gamertag and console details. There is no indication that any of your financial information or password(s) held on our systems were compromised.

We also found that the unauthorized party sent a communication to certain players containing a malicious link purporting to provide a software update from 2K. Instead, the link contained malware that had the potential to compromise data stored on your device, including passwords.

An online FAQ said there was no indication that online assets were affected and that anyone who received one of the malicious emails had already received a later email from 2K informing them of this. The FAQ went on to say that it’s now safe to use the online help portal and to once again trust emails sent from the support address. Out of an abundance of caution, 2K encouraged all players to reset account passwords and ensure that multifactor authentication has been turned on.

Advertisement

It has been a rough few weeks for companies owned by Take-Two Interactive. On September 19, Rockstar Games said it experienced a network intrusion that resulted in the theft of confidential development footage for the next installment of its blockbuster game franchise Grand Theft Auto. Dozens of videos posted online included roughly 50 minutes of early gameplay that provided spoilers relating to the protagonists and settings for the long-anticipated sequel. Rockstar has been famously tight-lipped about such details in an attempt to generate buzz about upcoming releases.
Rachel Tobac, CEO of SocialProof Security, a company focused on social engineering prevention, said that the targeting of 2K’s help desk has been a recurring theme in recent breaches. The teenagers behind a 2020 breach of Twitter, for instance, targeted members of the company’s customer support team in phone-based phishing attacks that successfully tricked them into revealing their passwords and two-factor authentication codes.

“We continue to see cybercriminals target customer support and help desk credentials in their hacks because the admin tools those roles have access to are extremely powerful and full of sensitive user data,” she said in an online discussion. “For that reason, I continue to recommend upgrading MFA to match the threat model of client-facing roles like Helpdesk.”

2FA that relies on one-time passcodes sent through SMS or generated by apps remain wide open to credential phishing attacks, something security firm Twilio recently learned the hard way. 2FA based on the FIDO2 industry standard, by contrast, is credential-phishing proof. Despite being an open standard that works across a wide ecosystem of devices and form factors, FIDO2 is still not widely used.

2K’s advisory today means that the threat actor has enough information about specific users to produce convincing scams that might be hard for people to recognize. Any communications purporting to be related to 2K or gaming in general should receive extra scrutiny from people who received Thursday’s email.

2K’s advice that all users change their account passwords is also solid. Users should use a password manager to generate a long, random phrase or string unique to their 2K account. Even when 2FA offerings aren’t FIDO2 compliant, they provide more protection than not using 2FA at all.





Source link

Previous Post

Easily Change Your Nameservers With This Method > 9ja Tide

Next Post

Pro-Russia Hackers Claim DDOS Attacks Against US Airport Websites

Next Post
Pro-Russia Hackers Claim DDOS Attacks Against US Airport Websites

Pro-Russia Hackers Claim DDOS Attacks Against US Airport Websites

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Apple Might Use 'Reality' Naming Convention for Its Mixed Reality Devices

Apple Might Use ‘Reality’ Naming Convention for Its Mixed Reality Devices

August 30, 2022

What is the meaning of 10 decade?

August 23, 2022

Trending.

How To Delete GameStop Account – A Step By Step Guide

August 23, 2022

How To Create A Pokémon Trainer Club Account

August 23, 2022

Why is Ben Bailey leaving WDIV?

August 24, 2022

What happened to Andrew Humphrey on Channel 4 weather?

August 24, 2022

What is a 100000 year period called?

August 23, 2022
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com

No Result
View All Result
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com