2K has confirmed that a recent security breach resulted in customers’ personal information being stolen and put up for sale.
In late September the publisher said that its customer support service had been compromised and warned players that might be affected to change their passwords.
2K said a third-party had illegally accessed the credentials of one of its vendors to the helpdesk platform the company uses, before accessing confidential customer details and sending malicious links to some players.
On October 6, 2K began contacting customers whose information had been accessed and put up for sale.
“The unauthorized third-party accessed and copied some personal data that was recorded about you when you contacted us for support, including your email address, helpdesk ID number, gamertag, and console details,” it explained.
“There is no indication that any of your financial information or password(s) held on our systems were compromised.”
2K added: “However, out of an abundance of caution, we encourage all of our players to secure their accounts by resetting passwords and enabling multi-factor authentication if they have not already done so.”
It said the malicious link sent to some players contained malware that had the potential to compromise data stored on their devices, including passwords.
2K advised players who clicked on the link: “We recommend restarting your computer immediately and using cybersecurity best practices, resetting all your passwords, using MFA where available, and using updated anti-virus software. Please refer to our post for additional guidance.”
Upon discovering the security breach last month, 2K took its support portal offline while it investigated and contained the incident. The support portal is now back online and is safe to interact with, according to the company.
Rockstar Games, which is owned by 2K’s parent company Take-Two, was also hacked in September, resulting in more than an hour of Grand Theft Auto 6 development footage being published online.