[BreachExchange] Hackers Steal Wealth of Data from Game Giant EA

[Sophia Kingsbury]

https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code

Hackers have broken into gaming giant Electronic Arts, the publisher of
Battlefield, FIFA, and The Sims, and stole a wealth of game source code and
related internal tools, Motherboard has learned.

"You have full capability of exploiting on all EA services," the hackers
claimed in various posts on underground hacking forums viewed by
Motherboard. A source with access to the forums, some of which are locked
from public view, provided Motherboard with screenshots of the messages.

In those forum posts the hackers said they have taken the source code for
FIFA 21, as well as code for its matchmaking server. The hackers also said
they have obtained source code and tools for the Frostbite engine, which
powers a number of EA games including Battlefield. Other stolen information
includes proprietary EA frameworks and software development kits (SDKs),
bundles of code that can make game development more streamlined. In all,
the hackers say they have 780gb of data, and are advertising it for sale in
various underground hacking forum posts viewed by Motherboard.

EA confirmed to Motherboard that it had suffered a data breach and that the
information listed by the hackers was the data that was stolen.

"We are investigating a recent incident of intrusion into our network where
a limited amount of game source code and related tools were stolen," an EA
spokesperson told Motherboard in a statement. "No player data was accessed,
and we have no reason to believe there is any risk to player privacy.
Following the incident, we’ve already made security improvements and do not
expect an impact on our games or our business. We are actively working with
law enforcement officials and other experts as part of this ongoing
criminal investigation."

Along with their forum posts the hackers shared a small selection of
screenshots claiming to demonstrate their access to EA data, but did not
publicly distribute any of the internal data itself. Instead, the hackers
are, at least ostensibly, trying to sell the information.

"Only serious and rep [reputation] members all other would be ignored," the
hackers wrote in their post.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210610/3aae9d6c/attachment.html>