Cyber Incident Victim: 2K Games

Date: Sep 2022

Location: United States of America

Summary

A video game publisher experienced a security breach where attackers compromised its help desk platform by accessing a vendor's credentials. The unauthorized party sent malicious links via support tickets to players, distributing RedLine info-stealer malware designed to harvest sensitive data. In response, the company took its support portal offline during investigations and advised affected users to implement security measures. The incident's potential link to another recent breach in the industry was noted but remains unconfirmed.

Description

On September 20, 2022, video game publisher 2K confirmed a security breach involving unauthorized access to its help desk platform. The compromise occurred after attackers obtained credentials belonging to one of 2K’s vendors, enabling them to infiltrate the company’s customer support system. The threat actors leveraged this access to send fraudulent communications posing as legitimate support tickets to an unspecified number of players. These messages contained embedded links directing recipients to download malware. BleepingComputer first reported the incident, prompting 2K’s official support account to acknowledge the breach publicly the same day. The company immediately took its support portal offline to contain the threat and initiate an investigation, advising users that services would remain suspended until further notice. No timeline was provided for the portal’s restoration, though 2K committed to issuing updates upon resolution.

The malicious links distributed via the compromised help desk system delivered RedLine, an information-stealing malware capable of harvesting credentials, stored passwords, cryptocurrency wallets, and other sensitive data from infected devices. 2K urged affected players to reset account passwords, enable multi-factor authentication, run antivirus scans, and review email account settings for signs of compromise. While the full scope of impacted users was not disclosed, the incident raised concerns due to 2K’s portfolio of major franchises, including NBA 2K and Borderlands. The breach was noted alongside a separate, contemporaneous security incident involving Rockstar Games, though no confirmed link between the two events was established. 2K did not elaborate on whether player data beyond the targeted malware campaign was accessed or exfiltrated during the intrusion. The company’s public response remained limited to initial guidance and outage notifications, with no further details provided at the time of reporting.
