A group of malicious hackers has begun leaking Electronic Arts source code for critical titles. The games publishing and development giant was the latest victim of a cyber-attack back in June. The hackers attempted to blackmail the California-based company by threatening to publicly make available the stolen data unless they received ransom money.

FIFA 21 and Frostbite Engine Source Code Stolen

According to a report by Bloomberg, the hackers were able to breach EA’s systems and steal 780 GB worth of data. This included the complete source code for FIFA 21 and the Frostbite engine, which is used by most of the company’s titles.

A spokesperson for EA stated that “no player data was accessed, and we have no reason to believe there is any risk to player privacy.” They went on to reassure that the company’s operations and business will remain unaffected.

Over on the XSS forum – a place where cybercrime discussions are held – a group named Kickass claimed responsibility for the data theft. They claimed to have revealed through a closed group chat that they had the Xbox software devkit and data keys to crack the FIFA 21, 22, and Frostbite engines. Bloomberg received a screenshot of the chat conversation along with a statement that the stolen data allows for full exploitation of “all EA’s services”.

Hackers Pose as EA Employees

A report by Vice states that the hacker group began its heist by posing as EA employees on the company’s Slack. The website was contacted by one of the hackers, who explained they were able to do so by purchasing stolen cookies that contained login details.

The individual went on to explain that they used social engineering to carry out their breach. They claim they convinced EA’s IT support via Slack, stating they had lost their phones during a party. By doing so, they were able to twice receive authentication tokens that gave them access to the company’s network.

The hacker corroborated their story with Vice by sharing screenshots. They included the process they used to access EA’s services that included one for game compiling. By setting up virtual machines, they were able to gain further access to the network and download the source code.

Group Asks Vice to Help Extort EA

Before publicly extorting EA, the hackers requested Vice to send the company their threatening message on their behalf. The hacker group had stated on several occasions to the website that they had blackmailed EA more than once. The gaming giant, though, claimed to have not received such messages.

Vice later received a notice from the hackers to pass on their extortion letter but to no avail. After failing to extort EA through a third party, the group chose to use public means to demand ransom money in exchange for not leaking the stolen source code.

Despite the threats, Electronic Arts have chosen not to negotiate with hackers. In response, the group is now claiming that they have begun posting the code, and “if they dont contact us or dont pay us we will keep posting it.”

Our Thoughts on the Situation

Data breaches are nothing to be surprised about in this time and age. Computer systems can be made challenging to access, but they’re not impenetrable. When you factor in the social engineering techniques these hackers claimed to have used, it’s pretty clear that EA needs to make a few updates to their procedures.

Like most gamers, we’re not going to lose much sleep over EA losing some critical source code. This isn’t going to do that much damage to their bottom line – though they may need to consider taking multiplayer hacks seriously. What bums us the most is that the hard work of countless game developers has been stolen. People who toiled years over these source codes now have to see their hard work distributed for almost anyone to see. For their sake, we hope some justice is served.

Comments

0 comments