2K was hacked last month after an "unauthorized third party" gained access to the 2K support site which then "sent a communication to certain players containing a malicious link." That link undoubtedly contained malware, but when the link came from an official 2K source, it likely caught more than a few users.
An investigation has been underway for the past few weeks to see what information those hackers have made off with. According to 2K’s FAQs on the hack, clicking the link could have resulted in credential theft, but so far there’s no mention of entire machines being hijacked or ransomed. Affected users have also been contacted directly by 2K games to inform them that their personal information was stolen and put up for sale online.
2K’s official site has also been updated with the results of its investigation. "An unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers," reads the site. "The unauthorized third-party accessed and copied some personal data that was recorded about you when you contacted us for support, including your email address, helpdesk ID number, gamertag, and console details."
Elsewhere in the FAQs, 2K confirmed "the unauthorized third party gained access to, and a copy of, a limited volume of your personal data held in 2K’s helpdesk system and made it available for sale." The good news is that "there is no indication that any of your financial information or password(s) held on [2K’s] systems were compromised."
Still, having your email addresses and gamertags put up for sale online can be a little unnerving. 2K is urging everyone with an account to change their passwords and turn on two-factor authentication just to be safe.