2K warns customers: Don't trust recent support emails, don't click on links

Attendees walk past signage for 2K Games Inc. during the E3 Electronic Entertainment Expo in Los Angeles, California, U.S., on Tuesday, June 10, 2014. E3, a trade show for computer and video games, draws professionals to experience the future of interactive entertainment as well as to see new technologies and never-before-seen products.
The 2K Games booth from E3 2014. (Image credit: Patrick T. Fallon/Bloomberg via Getty Images)

2K Games has warned its customers to ignore recent customer support messages, even if they appear to be legitimate.

It's not that someone is spoofing the 2K support email address. It's worse: Someone gained access to the actual platform 2K uses to provide customer support, apparently by stealing the credentials of a contractor, and "sent a communication to certain players containing a malicious link."

"Please do not open any emails or click on any links that you receive from the 2K Games support account," the company said in a message posted to the 2K Support Twitter account, which was not compromised. The 2K Support website (support.2k.com), however, is temporarily closed. Visiting it presently displays a login page.

The malicious link was reportedly disguised as a download link for the 2K Launcher, but would actually lead to the victim downloading malware designed to steal passwords saved in browsers, according to an analysis of the file requested by Reddit user TronFan, who received one of the fake support emails and realized it was suspicious.

2K's first suggestion for anyone who clicked the link is to reset passwords stored in their browser, which supports the conclusion that the malware is a password stealer. 2K also recommends enabling multi-factor authentication where available (just a good idea in general), running an antivirus scan, and checking email settings for unexpected new forwarding rules.

If you didn't click a link from a recent 2K Support email, don't do that, obviously. (I'd avoid downloading files linked in emails in general; it's better to navigate to the website that hosts the file yourself.)

2K says it will put out a notice when we can trust 2K Support emails again, although perhaps "trust" is too strong a word. Due to incidents like this along with regular old email spoofing, I'm skeptical of every email sent to me by the services I use.

"We deeply apologize for any inconvenience and disruption that this matter may cause," said 2K.

For now, the attack appears unrelated to the Rockstar Games hack that saw in-development GTA 6 footage circulate online last weekend. 2K Games and Rockstar share the same parent company, Take-Two, but the systems accessed by the attacks aren't related, and they're different kinds of attacks with different targets. The Rockstar hack targeted a developer and its information, whereas the 2K Support attack is using the company to get to its customers.

PC Gamer has contacted 2K to ask for more information about the attack and how it happened. We'll update this story if we learn something new.

Tyler Wilde
Editor-in-Chief, US

Tyler grew up in Silicon Valley during the '80s and '90s, playing games like Zork and Arkanoid on early PCs. He was later captivated by Myst, SimCity, Civilization, Command & Conquer, all the shooters they call "boomer shooters" now, and PS1 classic Bushido Blade (that's right: he had Bleem!). Tyler joined PC Gamer in 2011, and today he's focused on the site's news coverage. His hobbies include amateur boxing and adding to his 1,200-plus hours in Rocket League.