Hackers Steal Wealth of Data from Game Giant EA

Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools. “You have full capability of exploiting on all EA services,” the hackers claimed in various posts on underground hacking forums. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages. In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield. Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined. In all, the hackers say they have 780GB of data and are advertising it for sale in various underground hacking forum posts viewed by Motherboard. 

Experts Comments

June 14, 2021
Ran Pugach
Chief Product and Development Officer
Ava Security

EA has revealed that some of its source code has been stolen in a hack. While thankfully no user data has been compromised, this hack still shows how important it is to secure all online interactions. To help protect the valuable data these online gaming companies hold, they need to first and foremost have visibility of their data’s movements.



As cliche as it sounds, a chain is only as strong as its weakest link, and as the vast majority of hacks are due to human error, so employee awareness

.....Read More

EA has revealed that some of its source code has been stolen in a hack. While thankfully no user data has been compromised, this hack still shows how important it is to secure all online interactions. To help protect the valuable data these online gaming companies hold, they need to first and foremost have visibility of their data’s movements.



As cliche as it sounds, a chain is only as strong as its weakest link, and as the vast majority of hacks are due to human error, so employee awareness and education is crucial. Businesses need to make sure that everyone - regardless of level or job role - understands the importance of cyber security. By having this level of visibility across the business, an employee can notify the security teams of any unusual behaviour happening on the system. A strong cyber security policy is one that combines smart technology with employee buy-in and education.

  Read Less
June 14, 2021
David Sygula
Senior Cybersecurity Analyst
CybelAngel

This incident is further proof that addressing data breaches that occur outside the corporate firewall is vital. Businesses must understand what sensitive data is beyond the security perimeter.

 

As always, organisations must reduce their digital risk by constantly scanning for leaked documents outside their networks, such as Dark Web forums in the case, to uncover confidential and sensitive data quickly, before it is exploited.

June 14, 2021
Jake Moore
Cybersecurity Specialist
ESET

This is not the usual attack as it is likely not financially motivated. Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight. There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a

.....Read More

This is not the usual attack as it is likely not financially motivated. Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight. There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack.

  Read Less
June 14, 2021
Tom Van de Wiele
Principal Consultant
F-Secure

The EA source code and tools have a surprisingly high value to any company that operates in the shadows and want to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else. Especially when those games are released to a limited target group or platform where it is almost

.....Read More

The EA source code and tools have a surprisingly high value to any company that operates in the shadows and want to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else. Especially when those games are released to a limited target group or platform where it is almost impossible to prove any wrongdoing or theft of intellectual property.

 

The latter is a side effect of the current geopolitical situation but also the fact that in the last 20 years, most modern computer games have a form of Digital Rights Management (DRM). This DRM is enforced by game developers using cryptography to ensure those game cheaters cannot easily see what is going on in the game’s internal logic and reverse engineer the code to create and sell cheat functionality for profit. Because of this, it will be difficult in the future to prove that a competing company has or hasn't stolen either the design principles or implementation of any part of the leaked code if obfuscated well enough.

 

Game companies in general, and especially EA which is a video game powerhouse with decades of game development history, must deal with a lot of technology stacks, third parties, and infrastructure that all must work in tandem. The more moving parts and possible interactions, the more susceptible a company is to abuse or misuse that could lead to compromise. Not only do gaming companies have to be able to enforce security on their infrastructure and products in a way that does not impede the creative workforce they so critically depend on, but they also must restrict the functionality that comes with the game so that it cannot be used against others as a platform of attack.

 

There have been plenty of examples of this in the recent past where not only other end-users have been targeted through games that allow modified user content to take over someone's computer and network, but we also see examples where this was used to breach Game Developers themselves. Game developers want to see what the community around a game is doing by opening some of the gamer community-made creations, this is where backdoors are added to the functionality leading to compromise of the company.

  Read Less
June 14, 2021
David Emm
Principal Security Researcher
Kaspersky

The gaming industry is hugely lucrative, and with the UK video games market hitting a record £7bn last year as lockdown fuelled an unprecedented boom in the popularity of online gaming. However, it’s also becoming an increasingly attractive target for cybercriminals. With gaming being a huge, and growing industry, source code to popular games is a valuable asset to cybercriminals. This news is an alarming reminder that intellectual property and other valuable data can be accessed if not

.....Read More

The gaming industry is hugely lucrative, and with the UK video games market hitting a record £7bn last year as lockdown fuelled an unprecedented boom in the popularity of online gaming. However, it’s also becoming an increasingly attractive target for cybercriminals. With gaming being a huge, and growing industry, source code to popular games is a valuable asset to cybercriminals. This news is an alarming reminder that intellectual property and other valuable data can be accessed if not protected effectively.

 

Gaming companies should secure their systems and ensure that they update operating systems and applications in a timely manner. In addition, it also requires that they anticipate attacks by identifying weak spots, use threat intelligence to track the TTPs (tactics, techniques and procedures) of potential attackers and proactively monitor their systems for signs of intrusion.

  Read Less
June 11, 2021
Saryu Nayyar
CEO
Gurucul

This sort of breach could potentially take down an organization. Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering. Exposing this data is like virtually taking its life. Except that in this case, EA is saying only a limited amount of game source code and tools have been exfiltrated. Even so, the heartbeat has been interrupted and there’s no telling how this attack will ultimately impact the life blood of the

.....Read More

This sort of breach could potentially take down an organization. Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering. Exposing this data is like virtually taking its life. Except that in this case, EA is saying only a limited amount of game source code and tools have been exfiltrated. Even so, the heartbeat has been interrupted and there’s no telling how this attack will ultimately impact the life blood of the company’s gaming services down the line.

 

The lesson here is you must enact robust proactive cyber defenses to protect your IP. The heartbeat must keep drumming on.

  Read Less
June 11, 2021
Rajiv Pimplaskar
Vice President
Veridium

Apart from the obvious Intellectual Property (IP) implications of such a data breach, there could be several downstream consequences such as loss of customer account credentials, biographic data, etc., all with potentially Personally Identifiable Information (PII). Additionally EA makes over $2.7 billion from microtransactions or in-game purchasing. App developers today have a higher responsibility to protect consumers and need to increasingly incorporate digital identity, authentication and

.....Read More

Apart from the obvious Intellectual Property (IP) implications of such a data breach, there could be several downstream consequences such as loss of customer account credentials, biographic data, etc., all with potentially Personally Identifiable Information (PII). Additionally EA makes over $2.7 billion from microtransactions or in-game purchasing. App developers today have a higher responsibility to protect consumers and need to increasingly incorporate digital identity, authentication and privacy measures at a code level for improving cyber defense and mitigating fallout from such forms of theft.

  Read Less
June 11, 2021
Erich Kron
Security Awareness Advocate
KnowBe4

This incident demonstrates the fact that even high-tech organizations are vulnerable to potential data breaches. In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cyber criminals and offered on the open market. Interestingly, at this time, it appears they did not attempt to ransom the data back to EA, but instead chose to offer it to the highest bidder. If this data includes a significant amount of

.....Read More

This incident demonstrates the fact that even high-tech organizations are vulnerable to potential data breaches. In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cyber criminals and offered on the open market. Interestingly, at this time, it appears they did not attempt to ransom the data back to EA, but instead chose to offer it to the highest bidder. If this data includes a significant amount of proprietary information, it may be valuable to competitors, or it may include information or vulnerabilities that could be used in future attacks against EA products or customers with installed EA games.

 

Unfortunately, these successful attacks are often a byproduct of human error. Reused passwords or harvested credentials are common ways for attackers to gain access to systems and networks. For this reason, it is a wise move for organizations to regularly educate employees about potential attack vectors and the importance of being vigilant for attacks that may target them. In addition, robust Data Loss Prevention controls can help spot when sensitive data may be moving out of the victim's network and play an important role in an organization's layered security strategy.

  Read Less
June 11, 2021
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

The EA data breach is different from numerous other attacks, as it isn't a ransomware attack, but instead the bad actors that pulled off the breach are looking to sell the information obtained in the breach to the highest bidder among other hackers. 

 

Happily, it appears, for now at least, that no actual player personal data was exposed and the breach was instead directed at company assets. There is a possibility that later on the gleaned information could be used to engineer hack attacks

.....Read More

The EA data breach is different from numerous other attacks, as it isn't a ransomware attack, but instead the bad actors that pulled off the breach are looking to sell the information obtained in the breach to the highest bidder among other hackers. 

 

Happily, it appears, for now at least, that no actual player personal data was exposed and the breach was instead directed at company assets. There is a possibility that later on the gleaned information could be used to engineer hack attacks on gamers while they're playing the game, or to give some less than scrupulous players the ability to cheat, ruining the gaming experience for other players. 

 

Attacks like these underscore the value of data from gaming giants, as well as the need for companies like EA to step up their efforts on protecting this valuable proprietary data.

  Read Less
June 11, 2021
Paul Bischoff
Privacy Advocate
Comparitech

Thankfully, no user data was stolen from EA, so players shouldn't be at increased risk of cyber attacks, phishing, or identity theft. The stolen data mostly includes source code and tools for game development. It's information that's valuable, but probably only to a small handful of people who would know what to do with it. An unscrupulous game developer could steal intellectual property for their own games, for example. Another possibility is that game hackers could use the data to

.....Read More

Thankfully, no user data was stolen from EA, so players shouldn't be at increased risk of cyber attacks, phishing, or identity theft. The stolen data mostly includes source code and tools for game development. It's information that's valuable, but probably only to a small handful of people who would know what to do with it. An unscrupulous game developer could steal intellectual property for their own games, for example. Another possibility is that game hackers could use the data to cheat in online games, such as by manipulating the matchmaking in FIFA.

  Read Less
June 11, 2021
Sam Curry
Chief Security Officer
Cybereason

Oftentimes, there isn't a lot of good news or optimism resulting from another global giant being breached. However, in the case of EA, they deal in petabytes of information so the reported amount of stolen data is relatively small in the gaming world. I'm not trying to diminish or minimize this compromise as the source code used to develop EA's popular games has value to competitors and threat actors looking to sell the info on the darkweb. However, from initial reports, customer info,

.....Read More

Oftentimes, there isn't a lot of good news or optimism resulting from another global giant being breached. However, in the case of EA, they deal in petabytes of information so the reported amount of stolen data is relatively small in the gaming world. I'm not trying to diminish or minimize this compromise as the source code used to develop EA's popular games has value to competitors and threat actors looking to sell the info on the darkweb. However, from initial reports, customer info, financial info or other proprietary information hasn't been stolen. Behind the scenes, the threat actors either didn't ultimately get where they wanted to in the network or the good guys discovered the compromise early enough to limit the damage. EA should continue to be transparent, share as many details as possible and use this compromise as an opportunity to educate other companies in need of improving their own security hygiene. We should all look forward to hearing more from EA relating to this compromise and they have the opportunity to play the role of hero in this situation, as the role of villain or victim isn't an option.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.