2K confirms its support desk was hacked to send malware to gamers

engadget.com:

Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.

News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.Run, Bleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.

For anyone who may have clicked on a link in the emails, 2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.

2K shares the same parent company as Rockstar Games. Over the weekend, the studio suffered an unprecedented security breach that saw early gameplay footage of Grand Theft Auto VI shared widely online. While there’s no evidence to suggest the two incidents are linked, the Rockstar Games hacker claimed they were also responsible for the recent Uber security breach. On Monday, the company said it was working with the FBI to investigate the incident.