Publisher EA has been breached by a crew of hackers who stole 780GB of game data, according to a Motherboard report. The stolen data reportedly includes FIFA 21 source code and tools from the Frostbite engine, although EA says no player data was taken. A subsequent report states the hackers used company credentials purchased online to trick IT support members into thinking they were employees.
According to the initial report, the hackers have access to not just FIFA 21’s source code but also the code for its matchmaking servers. And in addition to Frostbite engine tools, the hackers claim to have stolen proprietary EA frameworks and software development kits that streamline game making.
A source with access to the forums where the hackers posted the stolen data showed Motherboard screenshots of messages written by the culprits, with one that read you have “full capability of exploiting on all EA services” once inside EA’s corporate networks.
In a follow-up Motherboard report, representatives for the hackers explained exactly how they got EA’s data. It started by first buying stolen cookies belonging to employees for $10 and, in a perturbing cyber-body-snatcher kind of way, used those to pose as these individuals in the company’s official Slack channels. The hackers then requested a multifactor authentication token to gain access to EA’s corporate networks after telling IT support they “lost” their phones. This was apparently successful twice, and led to access to EA’s network and the ensuing theft.
An EA representative said the company is investigating the incident but assured fans that “no player data was accessed.” The representative also said the company has improved its security infrastructure to prevent this from happening again and is in the process of working with law enforcement to dig into it.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” the spokesperson said. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
We’ve reached out to EA for an additional comment on the hackers’ methods and will update this post if we hear back.
According to Motherboard, the hackers are also holding onto documents on things like PlayStation VR, how EA creates virtual crowds in titles such as FIFA, and information on AI in games. In total, the hackers claim to have 780GB of EA data and are reportedly looking to sell it on online hacker forums.
Check it out