Gaming giant EA hacked, and source code stolen

Electronic Art is the latest victim of high-profile hacking. Hackers have stolen source code of FIFA 21 and code for matchmaking servers.  Electronic Art is one of the largest games companies in the world. It holds major game series such as Battlefield, Star Wars: Jedi Fallen Order, The Sims, and Titanfall.

How it happened?

According to vice tech, hackers had managed to break and steal sensitive information by social engineering an employee over Slack (messaging app for business) and tricked him in revealing a login token. The hackers said that they contacted an EA IT support person via Slack for a “multifactor authentication token” – claiming that they have lost their phone and need the token to log in to EA network.

Hackers have shared screenshots of directory listening and source code as a proof that stolen information is legitimate.

Stolen EA data worth of $28 Million

Hackers are claiming they have many customers willing to buy EA data and some of them are ready to pay $28 million for such data.

What data has been stolen?

Hackers have claimed to have stolen a massive trove of data from EA's network, including:

  • FrostBite game engine source code and debug tools
  • FIFA 21 matchmaking server code
  • FIFA 22 API keys and SDK & debug tools
  • debug tools, SDK, and API keys
  • proprietary EA games frameworks
  • XBOX and SONY private SDK & API key
  • XB PS and EA pfx and crt with key

Have players’ data also breached?

EA has over 450 million registered users worldwide. EA has confirmed that there is no impact on players’ data and there is no reason to believe that their data is at risk.

What steps has EA taken?

Following the incident, EA has tightened its security and made security improvements in people, process and technology. They are also working with law enforcement officials and other experts as part of this ongoing criminal investigation.

WeSeSo Analysis: The EA hack is an eye opener for all CISOs that securing technology is not the final solution. The risk of human weakness will always remain, and it can be exploited by social engineers honed with art of deception. They can manipulate employees to reveal sensitive information or inadvertently give a pathway to log in to organization network. Information security awareness for all employees should be the top priority for every CISOs. Also, all employees information security awareness should be tested on regular basis.

Reference: Bleepingcomputer.

By - Alok Jha (Cyber Security Expert)

0 13