The game company 2K confirms that users' personal data has been compromised in the recent data breach from a third-party extension.
According to Mobile Syrup, the company had already reached out to players through an email, notifying them about the possible threat actors targeting sensitive information.
System Credentials Were Stolen Using Malicious Links
In the report on Mobile Syrup's website, 2K's help desk reported that the company had been made aware of unauthorized access to the credentials of one of their vendors.
The breach targeted customers using fake support tickets that pushed the Redline Stealer malware to solicit names, emails, Gamertags, and console details, among others.
Tech Spot writes that the company immediately warned users not to open any emails sent via the 2K Support, and urged them to change their passwords from their browsers.
The game publisher took down its support portal after the incident to investigate the reach and address the situation.
"Following further investigation, we discovered that the unauthorized third party accessed and copied some of the personal data we record about you when you contact us for support," 2K iterates.
Additionally, Bleeping Computer reports that most user information had been leaked, but there is no indication of any leakage of financial information from the system.
Tech Spot details that 2K Games hired a third-party investigator to conduct a forensic examination, and was also able to confirm that the hacker had been selling their data.
However, the company has confirmed that 2K Games' online help portal is now safe for users to use and can be trusted again.
Read More: Capital One Data Breach Hacker Gets Probation Only - But Why?
September Was A Big Month For The Hackers
Take-Two Interactive, the company that owns the subsidiary for 2K Games, had also been hacked two times last month.
Rockstar Games, another company under Take-Two, experienced a network intrusion that targeted confidential development footage for Grand Theft Auto's next installment.
The hacker allegedly got a hold of top-secret videos from their database that included spoilers for gameplay relating to the protagonist's storylines and settings for the sequel.
Rachel Tobac, CEO of SocialProof Security, said in that cybercriminals have been targeting admin credentials because they have tools that can access powerful user data, Ars Technica reports.
Connectedly, 2FA, a company that relies on one-time passcodes generated for SMS, was also victim to credential phishing.
With regard to 2K's data breach and the others before it, Take-Two released an advisory that any communications related to the incident should be met with vigilance.
The Redline Stealers, the hackers who have been leading the recent personal information thefts, are known to have the capabilities to harvest data that can infect victims' systems.
Included in the information Redline Stealers hack for are saved browser passwords, credit cards and VPN credentials, cookies, messages, and cryptocurrency wallets, Bleeping Computer reports.
Related Article: WWE 2K21 Might Not Come This Year: Is 2K Games Focusing on Something Else for Wrestling Fans?