2K Games Confirms The Extent Of Last Month's User Data Hack
About three weeks ago, game publisher 2K Games, the company behind some of gaming's biggest franchises like "Civilization," "Borderlands" and "NBA 2K," was victim to a major breach of user data. According to an email sent by 2K to customers whose data had been compromised by the breach, this information was accessed via stolen credentials from a third-party vendor. These credentials were then used to send what looked like an official email from 2K customer support containing a malicious link. 2K warned customers to not click on any links from the 2K Games Support account, then took down its customer support system – it wouldn't come back online for another 20 days.
Hacking is nothing new in the games industry, but the scale and scope of breaches varies a lot. When CD Projekt Red was hacked, it caused huge problems for the "Cyberpunk 2077" developer, as the source code for "Cyberpunk 2077," "Gwent," and "The Witcher 3" was accessed as well as extensive user data and private company information. On the other hand, DDOS attacks happen all the time, like the incessant DDOS attacks on "World of Warcraft Classic" last year, but this style of hacking results in a server going down rather than the breach of private information.
More than two weeks after it happened, 2K has finally revealed the extent of its September 2022 breach. Aside from basic customer identification and contact data, there wasn't a lot of major information accessed by the yet-to-be-identified hacker.
Emails, Helpdesk IDs, Gamertags, and other basic identification details were stolen
In 2K's announcement posted October 6, 2022, the company addressed a number of questions about the breach. According to 2K Games, the hacker "accessed and copied some personal data that was recorded about you ... for support, including your email address, helpdesk ID number, gamertag, and console details." 2K then went on to reveal that it does not believe any financial or login information was stolen in the breach, but the company still plans to make every user change their password to a more complex one upon their next login.
2K recommended that customers "be vigilant" in looking for suspicious activity on their 2K account, but reassured players that it does not think any major information was taken and that this is just a precautionary measure. 2K contacted all compromised accounts directly via email when the breach occurred, so if you did not see one of these emails, the company did not identify your account as being compromised.
As of October 6, 2022, the 2K customer service portal is back online and "safe to interact with," and — according to its announcement — 2K is working with "appropriate data protection authorities" to figure out who the unidentified third-party user is. It's not the first time 2K has been hacked, though – three years ago its social media accounts were breached, and after the hack 2K had to apologize for a series of offensive posts made by the hacker.