2K Games has warned its customers to ignore recent customer support messages, even if they appear to be legitimate.
It’s not that someone is spoofing the 2K support email address. It’s worse: Someone gained access to the actual platform 2K uses to provide customer support, apparently by stealing the credentials of a contractor, and “sent a communication to certain players containing a malicious link.”
“Please do not open any emails or click on any links that you receive from the 2K Games support account,” the company said in a message posted to the 2K Support Twitter account, which was not compromised. The 2K Support website (support.2k.com), however, is temporarily closed. Visiting it presently displays a login page.
The malicious link was reportedly disguised as a download link for the 2K Launcher, but would actually lead to the victim downloading malware designed to steal passwords saved in browsers, according to an analysis of the file requested by Reddit user TronFan, who received one of the fake support emails and realized it was suspicious.
2K’s first suggestion for anyone who clicked the link is to reset passwords stored in their browser, which supports the conclusion that the malware is a password stealer. 2K also recommends enabling multi-factor authentication where available (just a good idea in general), running an antivirus scan, and checking email settings for unexpected new forwarding rules.
If you didn’t click a link from a recent 2K Support email, don’t do that, obviously. (I’d avoid downloading files linked in emails in general; it’s better to navigate to the website that hosts the file yourself.)
2K says it will put out a notice when we can trust 2K Support emails again, although perhaps “trust” is too strong a word. Due to incidents like this along with regular old email spoofing, I’m skeptical of every email sent to me by the services I use.
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mYSeptember 20, 2022
“We deeply apologize for any inconvenience and disruption that this matter may cause,” said 2K.
For now, the attack appears unrelated to the Rockstar Games hack that saw in-development GTA 6 footage circulate online last weekend. 2K Games and Rockstar share the same parent company, Take-Two, but the systems accessed by the attacks aren’t related, and they’re different kinds of attacks with different targets. The Rockstar hack targeted a developer and its information, whereas the 2K Support attack is using the company to get to its customers.
PC Gamer has contacted 2K to ask for more information about the attack and how it happened. We’ll update this story if we learn something new.