The Target: 2K Games, an American video game publisher.
The Take: Customers were targeted with fake support tickets which contained malicious software in embedded links.
The Vector: An employee’s credentials were compromised, allow the attacker full access to the help desk panel, which they then used to contact customers and socially engineer them to click on dangerous URLs.
This breach is a stark reminder of how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.