Gaming giant Electronic Arts has been hacked. Hackers are now selling access to the company’s games and servers, according to screenshots from underground hacking forums obtained by Motherboard.
Posts found on the hacking forums state that the attackers have obtained 780 GB of data and have full access to the login servers that allow players to compete online on FIFA 21, as well as FIFA 22 API keys and some Software Development Kits (SDKs) for Microsoft Xbox and Sony. They also claim to have information such as the source code and debugging tools for Frostbite, the engine that powers EA’s most popular games, such as Battlefield and FIFA.
“You have the capacity to exploit all of EA’s services,” reads an attacker’s post, which specifies that hundreds of millions of EA’s users are registered worldwide, including nearly nine million FIFA users. The messages indicate that the hackers are selling the data and access bundle for 22 million euros.
In a statement to , a spokesperson for EA said it was not a ransomware attack and claimed that a “limited amount of game source code and related tools have been stolen” during the attack. The company said it does not anticipate any changes to its games or operations.
“No player data has been viewed, and we have no reason to believe that there is a risk to player privacy,” said the EA spokesperson. “We are actively working with law enforcement and other experts in connection with this ongoing criminal investigation.”
Recurring attacks on video game platforms
Stolen data and tools can be used for cheat code creation and source code replication.
EA is far from the first video game company to be hacked. Capcom and CD Projekt suffered attacks last year. CD Projekt revealed a ransomware attack in February and Capcom announced a hack in November that now has serious legal consequences for the company. EA was already hacked in 2011 and faced a series of vulnerabilities discovered in 2019.
Rajiv Pimplaskar, chief risk officer for cybersecurity firm Veridium, said that, as with Capcom, there could be several consequences, such as loss of customer account credentials and personal data, in addition to loss of intellectual property.
“EA makes over $2.7 billion from microtransactions or in-game purchases. App developers today have a greater responsibility for protecting consumers and increasingly need to incorporate measures of code-level digital identity, authentication and privacy to enhance cyber defense and mitigate the fallout from these forms of theft,” Pimplaskar added.
Source code at risk
Erich Kron, head of security awareness at KnowBe4, told that it was strange that the attackers did not attempt to demand a ransom from EA before selling the data to the marketplace. He noted that proprietary information found in the leak may be valuable to competitors or may include information or vulnerabilities that could be used in future attacks against EA products or customers who have installed EA games.
Many experts have added that the theft of a game’s source code is particularly damaging for a company like EA, which owns popular brands like FIFA, Battlefield, Star Wars: Jedi Fallen Order, The Sims, and Titanfall. “The source code of games is highly confidential and sensitive intellectual property that forms the heart of a company’s service or offering. Exposing this data is like taking a virtual life,” said Saryu Nayyar, CEO of Gurucul. “The heartbeat has been interrupted and it cannot be said how this attack will impact the company’s gaming services in the long term.”