Cybercriminals have broken into Electronic Arts (EA), one of the world’s largest creators of video games, and published the stolen data on the dark web.
A host of online posts across underground platforms have revealed that the hackers made away with a stash of game source code and related internal tools for the gaming company that has published Battlefield, FIFA, and The Sims.
Sightings of the forum posts, which were reviewed by notable media companies, were confirmed by cybersecurity experts that have since established that the cyberattack took place on June 6.
According to reports, the cybercriminals have since claimed that they managed to harvest 780 GB of data from the video game company, including the Frostbite source code that reportedly enables FIFA, Madden, and Battlefield.
The cybercriminals announced that the cyberattack yielded very successful results, and that they have achieved full capability to exploit all EA services. The same claims were made concerning the theft of software development tools necessary for FIFA 21 operations, and a server code that powers FIFA 22.
Further, it has been revealed that the hackers also made away with proprietary EA frameworks and other software kits that ensure the smooth running of their games. The large cache of sensitive data is now being advertised for sale across a number of dark web hacking forums.
Apart from the forum posts that have since been shared by media sites, the cybercriminals attempted to provide a selection of screenshots that allegedly confirm their access to EA data. Nonetheless, the hackers have since not resorted to public distribution of the internal data, but they have been trying to sell the information across underground channels.
EA Has Confirmed the Data Breach
As reported by VICE, EA has since acknowledged the cyberattack and issued a statement to back the widespread reports. The gaming firm said that it had suffered a data breach and confirmed authenticity of the information that was being advertised for sale.
The company’s spokesperson intimated that the organization is currently running an investigation to ascertain the source and extent of the breach. The representative said that a limited amount of game source code and related software tools had been compromised in the data breach.
Importantly, the EA spokesperson asserted that player data was still intact, and that the gaming company had no concern that player privacy had been undermined. The official affirmed EA’s security improvements, including cooperation with law enforcement agents and cyber experts, to safeguard the video games and company interests.
While speaking to CNN, cybersecurity expert Brett Callow reflected on the serious negative effects of the EA data breach. The cyber threat analyst at Emsisoft said that EA’s loss of control over the gaming source codes could turn out to a disaster for the firm.
Unauthorized access to the source code means that other developers can copy the data in making hacks for the popular EA games. The same sentiment was echoed by Ekram Ahmed of cybersecurity company Check Point. In Ahmed’s submission, threat actors may simply identify flaws in the source code and use the weakness for malicious gains.
Source code denotes the version of a computer software that is typically a more simplified version to the finished version of a complete product. Thus, in context of the EA hack, the source code may be used by third party actors to reverse engineer elements of the finished product.
The recent attacks targeting notable private sector and governmental organizations have painted a grim picture concerning the preparedness of companies amid a spate of cyberattacks.
Not too long ago, ransomware attackers caused major disruptions in both the fuel and meat supply chains.