Here How the Gaming Giant EA was Hacked

Gaming giant Electronics Art, the name behind many top games like FIFA, Battlefield, and The Sims, hit by a massive data breach. Hackers managed to steal a number of imported key game source codes and related internal tools. However, the attack was unlikely to have an impact on gamers or business operations. This hacking news was first reported by news site Vice Media after a study from Motherboard, which stated the stolen data is some 780 gigabytes (GB) that had been placed for sale in several dark web forums used by hackers.

EA, the industry leader of the gaming world, acknowledged the breach after the news report and issued a statement. “We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect any impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation,” said the company.

The attack on EA comes two days before the leading video game makers were all set to participate in the annual Electronic Entertainment Expo (E3) being held virtually due to the pandemic.

According to a report by Vice’s tech section Motherboard, hackers claimed through several posts on underground hacking forums that there is a full capability of exploiting all EA services. Hackers are said to have stolen the source code for FIFA 21 as well as code for its matchmaking server. The report says that they have also obtained source code and tools for the Frostbite engine that powers a number of EA games like Battlefield other internal game development tools. It also includes proprietary EA frameworks and software development kits (SDKs), bundles of code that are used to make game development more streamlined.

More details on how gaming giant EA was hacked unfolded later. During the study, Motherboard learned that the hackers broke into the company in part they trick an employee over Slack to provide a login token.

The detailed report published by the Vice media explained how they got to the roots of the data breach from EA. A representative for the hackers had an online chat with Motherboard, revealing the process started with procuring stolen cookies that were sold online for $10. The purchased cookies were to gain access to a Slack channel used by EA.

Cookies manage to save the login details of individual users, letting the potential threat actors log into services as that person. In the case of data theft at EA, the hackers used the stolen cookies to get into the company's Slack.

The hackers’ representative further told that once they get into chat, they messaged an IT Support member from EA, saying they lost their phone while partying. The hackers then outsmarted after requesting a multifactor authentication token from the IT support team of EA. It helped them gain access to EA's corporate network. This was successful two times, as the representative informed.

After setting foot in EA's network, the hackers found a service for compiling games meant for EA developers. “They successfully logged in and created a virtual machine giving them more visibility into the network, and then accessed one more service and downloaded game source code,” wrote the Vice media.

“The representative for the hackers provided screenshots to help corroborate the various steps of the hack, including the Slack chats themselves. EA then confirmed to Motherboard the contours of the description of the breach given by the hackers. The representative of the hackers also provided Motherboard with a series of documents they say were stolen as part of the hack. They include an assortment of material on PlayStation VR, how EA creates digital crowds in the FIFA games, and documents about AI in games,” further added by the Vice media house.

The news of gaming giant Electronics Art (EA) hacking follows the surge in high-profile cyber-attacks that happened in recent months, including several ransomware attacks on industrial firms and health care facilities, and breaches of government and non-profit networks attributed to undercover activities.