[BreachExchange] How Hackers Used Slack to Break into EA Games

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Jun 14 13:40:02 EDT 2021


https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack

The group of hackers who stole a wealth of data from game publishing giant
Electronic Arts broke into the company in part by tricking an employee over
Slack to provide a login token, Motherboard has learned.

The group stole the source code for FIFA 21 and related matchmaking tools,
as well as the source code for the Frostbite engine that powers games like
Battlefield and other internal game development tools. In all, the hackers
claim they have 780GB of data, and are advertising it for sale on various
underground forums. EA previously confirmed the data impacted in the breach
to Motherboard.

A representative for the hackers told Motherboard in an online chat that
the process started by purchasing stolen cookies being sold online for $10
and using those to gain access to a Slack channel used by EA. Cookies can
save the login details of particular users, and potentially let hackers log
into services as that person. In this case, the hackers were able to get
into EA's Slack using the stolen cookie. (Although not necessarily
connected, in February 2020 Motherboard reported that a group of
researchers discovered an ex-engineer had left a list of the names of EA
Slack channels in a public-facing code repository.)

"Once inside the chat, we messaged a IT Support members we explain to them
we lost our phone at a party last night," the representative said.

The hackers then requested a multifactor authentication token from EA IT
support to gain access to EA's corporate network. The representative said
this was successful two times.

Once inside EA's network, the hackers found a service for EA developers for
compiling games. They successfully logged in and created a virtual machine
giving them more visibility into the network, and then accessed one more
service and downloaded game source code.

The representative for the hackers provided screenshots to help corroborate
the various steps of the hack, including the Slack chats themselves. EA
then confirmed to Motherboard the contours of the description of the breach
given by the hackers.

In its earlier statement, EA said, "We are investigating a recent incident
of intrusion into our network where a limited amount of game source code
and related tools were stolen. No player data was accessed, and we have no
reason to believe there is any risk to player privacy. Following the
incident, we’ve already made security improvements and do not expect an
impact on our games or our business. We are actively working with law
enforcement officials and other experts as part of this ongoing criminal
investigation."

The representative of the hackers also provided Motherboard with a series
of documents they say were stolen as part of the hack. They include an
assortment of material on PlayStation VR, how EA creates digital crowds in
the FIFA games, and documents about AI in games. Sony, which owns the
PlayStation brand, did not respond to a request for comment.