A group of hackers hacked into Electronic Arts, the game developing and publishing giant, and stole away a considerable amount of data. This was possible only when the hackers tricked an EA Games employee to provide a login token over Slack. It has been disclosed that the source code for FIFA 21 and certain related matchmaking tools were among the data stolen. Other data that was unethically taken includes the source code of the Frostbite engine which was used by the Battlefield game.
The hackers have claimed to have stolen 780 GB of data which is available for online sale through underground forums and the dark web. This data also included EA games’ internal game development tools which could be a valuable piece of data for other game developers. The hackers have purchased certain stolen cookies from an unknown online source for $10 and this was the entry ticket to the Slack Channel used by EA.
Cookies, as you all know, are temporary files that contain a lot of personal information, including the login details of users that can be used by malicious intent to assume the identity of that user. The hackers used a stolen cookie to get into EA’s Slack Channels, some of them were available in a repository containing public-facing code since February 2020.
The next step used by Hackers was to access the Slack Chat and send a message to any IT Support Team member and make a fake excuse of losing the smartphone. The next step was to send a request to the EA IT Support team for a multifactor authentication token. Once this was successful, the hackers could access the EA’s corporate network.
Once they gained access to the network, the hackers successfully logged in and managed to create a Virtual Machine. This helped them to get more visibility and finally found the service that was used by EA game developers to compile games. Similarly, they accessed many different services until they were finally able to download the FIFA 21 source code. Additionally, certain documents that contained material on PlayStation VR, Digital crowd creation technique, and how Artificial Intelligence is used were stolen in this hack.
It also seems that the hackers have taken screenshots of various actions to prove to the world that these hackers did indeed hack the EA network and stole some games. EA Games has stated “In its earlier statement, EA said, “We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect any impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
The Law Enforcement Agency has been involved here and is keeping a tight watch to nab the hackers and ensure that the stolen data is not sold into the wrong hands.