Yesterday, Electronic Arts (EA Games) confirmed that hackers have stolen large amounts of game data and source codes. Approximately 780GB of data was stolen according to an anonymous posts on dark web forums. The hackers are also selling portions of the data to buyers on the dark web. The stolen source codes includes FIFA 21 and EA’s Frostbite game engine, used by FIFA, Madden, Battlefield, Star Wars: Squadrons, Anthem and additional internal tools.
Player Privacy
EA Games developed and manages some of the highest rated games including, FIFA, The Sims, Apex Legends and Battlefield. According to EA representatives, no player data was accessed and there is no reason to believe that there are serious threats to player privacy at this point. The game publishers is investigating the intrusion and did confirm only a limited amount of game source code was stolen. The attack on the publishers network did not involve a ransomware attack. However, it does make the company yet another target of hackers attacking American companies in recent months. Another example was Hacking Group Darkside attacking Colonial Pipeline where a $4.4 million ransom payment was approved by the company to the hackers.
Source Codes
On several dark web forums the hackers claim they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hacker also claimed that they have stolen the source code and tools for the Frostbite engine, which powers various EA games including the popular online shooter; Battlefield. The vast 780GB of stolen data includes more than just source codes and game engines, it also includes proprietary EA frameworks and software development kits (SDKs) and sets of code meant to enhance game development. The hackers are currently advertising the sales of this data on various dark web and hackers forums.
New: here is how hackers broke into EA games and stole a ton of code/internal tools
– bought cookie online for $10
– logged into EA Slack
– trick IT support to give login token for EA network
“We explain to them we lost our phone at a party last night”https://t.co/BR9poVFT6z— Joseph Cox (@josephfcox) June 11, 2021
Losing Control
The hackers claimed in their posts to offer “full capability of exploiting on all EA services.” According to Brett Callow, the cybersecurity expert and a threat analyst at Emsisoft, losing control of crucial source code could potentially be a problem for EA’s business. However, source code can generally not be copied by other game developers in a way to make it a core system of non EA games. At the same time hackers can dive deeper into the leaked code and potentially find flaws in the system that can be used to exploit current and future EA games and networks. Together with their forum posts the hackers shared a selection of screenshots claiming to demonstrate their access to EA data.
