EA Games Hacked, Source Code Stolen

Hackers compromise systems of Electronic Arts, and steal valuable source code to big name computer games, as well as internal tools

One of the world’s biggest computer game publishers has been hacked, and valuable data has been stolen by the attackers.

According to Vice.com’s Motherboard, Hackers broke into gaming giant Electronic Arts (EA Games) and stole a wealth of game source code and related internal tools.

The hackers reportedly gained access to 780GB of data, including the source code for FIFA 21, as well as code for its matchmaking server.

And the hackers also managed to obtain the source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield.

Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

EA data breach

The hackers also stole proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined,Vice.com reported.

And to make matters worse, the hackers are advertising the stolen for sale in various underground hacking forum posts.

“You have full capability of exploiting on all EA services,” the hackers were quoted as claiming in various posts on underground hacking forums viewed by Motherboard, as they touted the data to potential buyers.

A source with access to the forums, some of which are locked from public view, also provided Motherboard with screenshots of the messages, Vice.com reported.

EA confirmed to Motherboard that it had suffered a data breach and that the information listed by the hackers was the data that was stolen, Vice.com reported.

“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson told Motherboard in a statement.

“No player data was accessed, and we have no reason to believe there is any risk to player privacy,” the spokesperson added. “Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business.”

The EA spokesperson also said the firm was “actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”

Not ransomware

The incident seems to be a conventional cyberattack that resulted in a significant data breach for EA Games, and does not appear to be a ransomware attack.

A point noted by ESET cybersecurity specialist Jake Moore.

“This is not the usual attack as it is likely not financially motivated,” said Moore. “Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos.”

“Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight,” Moore added. “There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack.”

Beyond the firewall

Another expert said this case highlighted the need for organisations to constantly scan beyond the corporate firewall and even on the dark web, for leaked company documents and data.

“This incident is further proof that addressing data breaches that occur outside the corporate firewall is vital,” said David Sygula, senior cybersecurity analyst at CybelAngel. “Businesses must understand what sensitive data is beyond the security perimeter.”

“As always, organisations must reduce their digital risk by constantly scanning for leaked documents outside their networks, such as Dark Web forums in the case, to uncover confidential and sensitive data quickly, before it is exploited,” said Sygula.