Massive EA Games hack began with cyber thieves posing as employee on Slack

12 Jun, 2021 07:07

The group of hackers who swiped source code from game company Electronic Arts pulled off the stunt by tricking EA’s IT support team on Slack, according to Motherboard.

The cyber thieves made off with some 780 gigabytes of data, including the source code for soccer simulator FIFA 21 and its matchmaking server, and the Frostbite engine, which powers most of EA’s games – including the Battlefield and Madden franchises. The code has now been put up for sale on the dark web. 

Motherboard, which reported the data breach on Thursday, has revealed new details about how the exploit was achieved after making contact with the hackers. 

A representative for the hacking collective told the outlet in an online chat that the group purchased stolen browser cookies being sold online for $10, and used the data to gain access to an EA Slack channel. Cookies can sometimes contain sensitive information such as login details. 

Once inside the communications platform, the hackers pinged a member of EA’s IT support team, explaining that they had lost their phone at a party during the previous night. The ruse was successful, and the hackers were given a multifactor authentication token so that they could login to the company’s corporate network. 

Also on rt.com EA confirms data breach as hackers claim they took FIFA 21 source code, Battlefield engine, and other LOOT

Having bypassed the first major obstacle, the hackers were able to burrow deeper into EA’s network, accessing services that allowed them to download game source code. 

The hackers backed up their story by providing Motherboard with screenshots of the Slack chats. EA later confirmed to the outlet that the timeline of events was accurate. 

While chatting with Motherboard, the representative for the hackers furnished a tranche of documents that were allegedly taken during the exploit, including materials concerning Playstation, virtual reality (VR), AI technology and how EA creates digital crowds in its FIFA games. 

After the hack went public, EA issued a statement saying that an investigation was underway. No player data was accessed and security improvements were implemented following the incident, the company said. Based in Redwood City, California, EA is known for popular titles such as Battlefield, FIFA, Madden, and The Sims.

Like this story? Share it with a friend!