Major game publisher Electronic Arts (EA) revealed this month that hackers have stolen valuable information from the company. The attackers downloaded the source code for a number of high-profile games, including FIFA 21, and it is said that around 780GB of data was stolen. It has also been found that the source code for EA’s Frostbite game engine, a proprietary tool used to create dozens of games, as well as various frameworks and SDKs have been appropriated.
Exploit on EA services first came to light upon the publication of Motherboard’s report, claiming that the hackers made multiple posts on several underground hacker’s forums, now putting the 780GB of stolen data up for sale on said forums.
Hackers are reported to have used stolen cookies and Slack to target EA. They first purchased stolen cookies on the Dark Web for just $10, then used such cookies to gain access to a Slack channel used internally by EA, tricking one of EA’s IT department employees into providing two multifactor authentication login tokens over Slack. This worryingly simple social engineering strategy provided the hackers with full access to the company’s corporate network.
The company has reassured that no customer data was stolen, adding that they “have no reason to believe there is any risk to player privacy”. EA have since stated that they have already improved their security following the incident. Officials do not expect the hack to impact its games or its business, as it was not a ransomware attack, thus the company’s data was not scrambled with encryption.
Although such a hack could risk games being copied by other developers, it is unlikely that any mainstream competitor to EA would decide to use such data. EA is currently investigating the data breach, working with law enforcement agencies to determine the full extent of the hack.