We informed you about a very unpleasant incident at Electronic Arts in one of the morning news. The hackers were able to steal almost 800 GB of data from the company’s internal network, including the source code of the FIFA 21 game and especially the Frostbite engine, which were subsequently offered for sale on the dark website. The data of individual players can also be potentially at risk, which makes the leak an even more serious matter, which EA understandably examines and tries to both secure all the damage and prevent further leaks. In the meantime, however, there is a statement from hackers who, when asked by Vice magazine, revealed how they actually got into the internal network of Electronic Arts. In the end, it seems that the error was not in the software or hardware, but in the security processes and the human factor, which was later confirmed by EA representatives.
New: here is how hackers broke into EA games and stole a ton of code/internal tools
– bought cookie online for $10
– logged into EA Slack
– trick IT support to give login token for EA network
„We explain to them we lost our phone at a party last night“https://t.co/BR9poVFT6z
— Joseph Cox (@josephfcox) June 11, 2021
The whole story started by buying stolen cookies for only $ 10. It was the data of one of the Electronic Arts employees, and the hackers went for sure. As Vice describes, cookies enabled access to the company’s Electronic Arts channel on the Slack communication platform, which was supposed to be the most difficult part of the entire operation. “The moment we got into the chat, I wrote to the IT department that I couldn’t find the phone after yesterday’s party,” the hacker told Vice editors, explaining that he was aiming for a false reason why he couldn’t have an authenticator generated to connect to corporate networks.
The IT support employee then complied with the hackers in good faith, had them generate their own authentication key, and even provided it to the attackers twice as needed, as if he were really talking to an EA employee and wanted to do so. clerk. But the moment hackers got into the Electronic Arts network, no one could stop them from doing so, so they could easily find a section for developers, specifically for those who compile individual game builds, successfully logged in to the section, started virtualization of another computers and unscrupulously downloaded the source codes mentioned in the introduction.
A hacker spokesman provided Vice with a lot of evidence, including screenshots of communication with the IT department, and a surprising confirmation from EA that the whole event actually took place as described by the hackers. In addition, Vice was able to look at other data that was part of the leak, including data on the PlayStation VR, descriptions of how EA Sports is creating digital fans in the FIFA series, documents about artificial intelligence in the game and other materials. There is no doubt, therefore, that the information provided is true and can at least serve other companies for better security and strict access in the event of a similar incident that has caused current problems in Electronic Arts.