[BreachExchange] Hackers leak full EA data after failed extortion attempt

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Aug 2 12:15:15 EDT 2021


https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/

The hackers who breached Electronic Arts last month have released the
entire cache of stolen data after failing to extort the company and,
later, to sell the stolen files to a third-party buyer.

The data, dumped on an underground cybercrime forum on Monday, July 26, is
now being widely distributed on torrent sites.

According to a copy of the dump obtained by The Record, the leaked files
contain the source code of the FIFA 21 soccer game, including tools to
support the company’s server-side services.

How the EA breach took place

The existence of this leak was initially disclosed on June 10, when the
hackers posted a thread on an underground hacking forum claiming to be in
possession of EA data, which they were willing to sell for $28 million.

In an interview with Motherboard, the hackers claimed to have gained access
to the data after buying authentication cookies for an EA internal Slack
channel from a dark web marketplace called Genesis.

The hackers said they used the authentication cookies to mimic an
already-logged-in EA employee’s account and access EA’s Slack channel and
then trick an EA IT support staffer into granting them access to the
company’s internal network.

From there, the hackers then proceeded to download more than 780GB of
source code from the company’s internal code repositories.

While the hackers initially hoped to earn a big payday from the EA hack,
they failed to find any buyers on the underground market, as the stolen
data was mostly source code that lacked any value for other cybercrime
groups, most of which are primarily interested in users' personal or
financial data.

After failing to find a buyer, the hackers tried to extort EA, asking the
company to pay an undisclosed sum to avoid having the data leaked online.

Initially, they released a cache of 1.3GB of FIFA source code on July 14,
only to release the entire data two weeks later after EA shunned their
threats.

In a statement sent to The Record after the release of the full data, EA
confirmed that “no player data was accessed” during the hackers’ intrusion
and the company has “no reason to believe there is any risk to player
privacy” as a result of the leak.

“Following the incident, we’ve already made security improvements and do
not expect an impact on our games or our business,” an EA spokesperson told
The Record. “We are actively working with law enforcement officials and
other experts as part of this ongoing criminal investigation.”

Screenshots from the leaked data are available below.