Game company 2K on Thursday warned users to remain on the lookout for suspicious activity across their accounts following a breach last month that allowed a threat actor to obtain email addresses, names, and other sensitive information provided to 2K’s support team.
The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor 2K uses to run its help desk platform. 2K warned users a day later that the threat actor used unauthorized access to send some users emails that contained malicious links. The company warned users not to open any emails sent by its online support address or click on any links in them. If users already clicked on links, 2K urged them to change all passwords stored in their browsers.
On Thursday, after an outside party completed a forensic investigation, 2K sent an unknown number of users an email warning them that the threat actor was able to obtain some of the personal information they supplied to help desk personnel. The email stated: