Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stolen a wealth of game source code and related internal tools. “You have full capability of exploiting on all EA services,” the hackers claimed in various posts on underground hacking forums. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages. In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield. Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined. In all, the hackers say they have 780GB of data and are advertising it for sale in various underground hacking forum posts viewed by Motherboard.

Sam Curry, Chief Security Officer
InfoSec Expert
June 11, 2021 11:37 am

Oftentimes, there isn't a lot of good news or optimism resulting from another global giant being breached. However, in the case of EA, they deal in petabytes of information so the reported amount of stolen data is relatively small in the gaming world. I'm not trying to diminish or minimize this compromise as the source code used to develop EA's popular games has value to competitors and threat actors looking to sell the info on the darkweb. However, from initial reports, customer info, financial info or other proprietary information hasn't been stolen. Behind the scenes, the threat actors either didn't ultimately get where they wanted to in the network or the good guys discovered the compromise early enough to limit the damage. EA should continue to be transparent, share as many details as possible and use this compromise as an opportunity to educate other companies in need of improving their own security hygiene. We should all look forward to hearing more from EA relating to this compromise and they have the opportunity to play the role of hero in this situation, as the role of villain or victim isn't an option.

Paul Bischoff, Privacy Advocate
InfoSec Expert
June 11, 2021 11:39 am

Thankfully, no user data was stolen from EA, so players shouldn't be at increased risk of cyber attacks, phishing, or identity theft. The stolen data mostly includes source code and tools for game development. It's information that's valuable, but probably only to a small handful of people who would know what to do with it. An unscrupulous game developer could steal intellectual property for their own games, for example. Another possibility is that game hackers could use the data to cheat in online games, such as by manipulating the matchmaking in FIFA.

Chris Hauk, Consumer Privacy Champion
InfoSec Expert
June 11, 2021 11:41 am

The EA data breach is different from numerous other attacks, as it isn't a ransomware attack, but instead the bad actors that pulled off the breach are looking to sell the information obtained in the breach to the highest bidder among other hackers.

Happily, it appears, for now at least, that no actual player personal data was exposed and the breach was instead directed at company assets. There is a possibility that later on the gleaned information could be used to engineer hack attacks on gamers while they're playing the game, or to give some less than scrupulous players the ability to cheat, ruining the gaming experience for other players.

Attacks like these underscore the value of data from gaming giants, as well as the need for companies like EA to step up their efforts on protecting this valuable proprietary data.

Erich Kron, Security Awareness Advocate
InfoSec Expert
June 11, 2021 11:43 am

This incident demonstrates the fact that even high-tech organizations are vulnerable to potential data breaches. In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cyber criminals and offered on the open market. Interestingly, at this time, it appears they did not attempt to ransom the data back to EA, but instead chose to offer it to the highest bidder. If this data includes a significant amount of proprietary information, it may be valuable to competitors, or it may include information or vulnerabilities that could be used in future attacks against EA products or customers with installed EA games.

Unfortunately, these successful attacks are often a byproduct of human error. Reused passwords or harvested credentials are common ways for attackers to gain access to systems and networks. For this reason, it is a wise move for organizations to regularly educate employees about potential attack vectors and the importance of being vigilant for attacks that may target them. In addition, robust Data Loss Prevention controls can help spot when sensitive data may be moving out of the victim's network and play an important role in an organization's layered security strategy.

Rajiv Pimplaskar
InfoSec Expert
June 11, 2021 11:44 am

Apart from the obvious Intellectual Property (IP) implications of such a data breach, there could be several downstream consequences such as loss of customer account credentials, biographic data, etc., all with potentially Personally Identifiable Information (PII). Additionally, EA makes over $2.7 billion from microtransactions or in-game purchasing. App developers today have a higher responsibility to protect consumers and need to increasingly incorporate digital identity, authentication and privacy measures at a code level for improving cyber defense and mitigating fallout from such forms of theft.

Saryu Nayyar, CEO
InfoSec Expert
June 11, 2021 11:45 am

This sort of breach could potentially take down an organization. Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering. Exposing this data is like virtually taking its life. Except that in this case, EA is saying only a limited amount of game source code and tools have been exfiltrated. Even so, the heartbeat has been interrupted and there’s no telling how this attack will ultimately impact the life blood of the company’s gaming services down the line.

The lesson here is you must enact robust proactive cyber defenses to protect your IP. The heartbeat must keep drumming on.

David Emm, Principal Security Researcher
InfoSec Expert
June 14, 2021 11:14 am

The gaming industry is hugely lucrative, and with the UK video games market hitting a record £7bn last year (https://www.theguardian.com/games/2021/mar/19/lockdown-boredom-drives-uk-video-games-market-to-7bn-record-high) as lockdown fuelled an unprecedented boom in the popularity of online gaming. However, it’s also becoming an increasingly attractive target for cybercriminals. With gaming being a huge, and growing industry, source code to popular games is a valuable asset to cybercriminals. This news is an alarming reminder that intellectual property and other valuable data can be accessed if not protected effectively.

Gaming companies should secure their systems and ensure that they update operating systems and applications in a timely manner. In addition, it also requires that they anticipate attacks by identifying weak spots, use threat intelligence to track the TTPs (tactics, techniques and procedures) of potential attackers and proactively monitor their systems for signs of intrusion.

Tom Van de Wiele, Principal Consultant
InfoSec Expert
June 14, 2021 11:16 am

The EA source code and tools have a surprisingly high value to any company that operates in the shadows and wants to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else. Especially when those games are released to a limited target group or platform where it is almost impossible to prove any wrongdoing or theft of intellectual property.

The latter is a side effect of the current geopolitical situation but also the fact that in the last 20 years, most modern computer games have a form of Digital Rights Management (DRM). This DRM is enforced by game developers using cryptography to ensure those game cheaters cannot easily see what is going on in the game’s internal logic and reverse engineer the code to create and sell cheat functionality for profit. Because of this, it will be difficult in the future to prove that a competing company has or hasn't stolen either the design principles or implementation of any part of the leaked code if obfuscated well enough.

Game companies in general, and especially EA which is a video game powerhouse with decades of game development history, must deal with a lot of technology stacks, third parties, and infrastructure that all must work in tandem. The more moving parts and possible interactions, the more susceptible a company is to abuse or misuse that could lead to compromise. Not only do gaming companies have to be able to enforce security on their infrastructure and products in a way that does not impede the creative workforce they so critically depend on, but they also must restrict the functionality that comes with the game so that it cannot be used against others as a platform of attack.

There have been plenty of examples of this in the recent past where not only other end-users have been targeted through games that allow modified user content to take over someone's computer and network, but we also see examples where this was used to breach Game Developers themselves. Game developers want to see what the community around a game is doing by opening some of the gamer community-made creations, this is where backdoors are added to the functionality leading to compromise of the company.

Jake Moore, Cybersecurity Specialist
InfoSec Expert
June 14, 2021 11:22 am

This is not the usual attack as it is likely not financially motivated. Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be watertight. There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack.

David Sygula, Senior Cybersecurity Analyst
InfoSec Expert
June 14, 2021 11:26 am

This incident is further proof that addressing data breaches that occur outside the corporate firewall is vital. Businesses must understand what sensitive data is beyond the security perimeter.

As always, organisations must reduce their digital risk by constantly scanning for leaked documents outside their networks, such as Dark Web forums in the case, to uncover confidential and sensitive data quickly, before it is exploited.

Ran Pugach, Chief Product and Development Officer
InfoSec Expert
June 14, 2021 11:29 am

EA has revealed that some of its source code has been stolen in a hack. While thankfully no user data has been compromised, this hack still shows how important it is to secure all online interactions. To help protect the valuable data these online gaming companies hold, they need to first and foremost have visibility of their data’s movements.

As cliche as it sounds, a chain is only as strong as its weakest link, and as the vast majority of hacks are due to human error, so employee awareness and education is crucial. Businesses need to make sure that everyone – regardless of level or job role – understands the importance of cyber security. By having this level of visibility across the business, an employee can notify the security teams of any unusual behaviour happening on the system. A strong cyber security policy is one that combines smart technology with employee buy-in and education.
