4 Million Stolen Accounts on Dark Web
A major security breach that occurred in September has badly shaken video game publisher 2K Games. Since then, the 2K gaming platform has sent email notifications to affected users whose personal information was stolen and is already advertised for sale on several dark web markets.
After learning of the underground sales of credentials stolen from its platform, 2K openly admitted that the platform had been compromised by criminal hackers. The threat actors were thus able to target users with fake support tickets sent through a fraudulent helpdesk platform created by the criminals.
The tickets themselves served as vectors for distributing the RedLine Stealer malware through embedded links. Even before the hack was attributed to specific threat actors, the use of RedLine Stealer was evident, because the campaign's behaviour matched the known capabilities of the malware.
One telling similarity is that the info-stealer harvests a very wide range of data once it has infected a victim's system: credit card information, VPN credentials, instant messages, cryptocurrency wallets, cookies, browser-saved passwords, and other private data.
With damage control a major concern, 2K shut down its support portal indefinitely and notified recipients of the phishing emails. Those recipients were also warned to monitor their accounts for any suspicious activity and to reset all passwords stored in their browsers.
The game publisher further informed customers that personal information had been stolen from its help desk portal, confirming that the phishing campaign had run through 2K's own support system. However, according to 2K's press release, no financial information or passwords were stolen by the attackers.
Dark Web’s 2K Bundle Sale
2K and its customer base remain on edge, as the hack was eventually confirmed by the hackers themselves. According to the threat actors, they have begun selling the data as a "2K support database bundle". The stolen data, totalling over 4 million records, is up for sale on an unidentified hacker forum.
The 2K bundle listed for sale on the dark web market is stated to comprise customer IDs, usernames, email addresses, Zendesk email addresses, real names, and other private data.
2K appears to have recovered its systems relatively quickly, informing users that the help portal was once again fully operational. However, it further cautioned users to remain vigilant and to keep watching for suspicious activity across their accounts.
Customers were urged not to click suspicious links in messages they did not expect to receive. They were also advised to enable multi-factor authentication (MFA) wherever it is available, including on phone, internet provider, and email accounts. In addition, those who had clicked malicious links were advised to reset all of their passwords and install anti-malware software.