Skip to content
Hackers hack Electronic Arts by stealing source code and in-game tools

Online forum posts reviewed by CNN Business and verified by an independent cybersecurity expert show that on June 6, hackers claimed to have obtained 780 gigabytes of data from EA (EA), including source code Frostbite, which is the game engine that powers the FIFA, Madden, and Battlefield video game series, among others.

The hackers claimed to offer “full operating capability on all EA services”. They also claimed to have stolen software development tools for FIFA 21 and server code for player matchmaking in FIFA 22.

Brett Callow, cybersecurity expert and threat analyst at Emsisoft, said losing control of source code could be problematic for EA’s business. “The source code could, theoretically, be copied by other developers or used to create game hacks,” he said.

“Every time the source code is leaked, it’s not good,” said Ekram Ahmed, spokesperson for cybersecurity firm Check Point. “Hackers can comb through the code, identify deeper loopholes to exploit, and sell that previous code on the dark web to malicious actors.”

Player data was not compromised in the breach, EA’s spokesperson told CNN.

“We are investigating a recent intrusion incident into our network where a limited amount of game source code and related tools have been stolen,” the EA spokesperson said. “No access to player data has been made and we have no reason to believe that there is a risk to player privacy. Following the incident, we have already made security improvements and do not expect any impact on our games or business. We are actively working with law enforcement officials and other experts in this ongoing criminal investigation. “

The data breach was first reported by Vice, who cited some of the same forum posts. EA’s spokesperson confirmed to CNN Business that EA’s statement was in response to the violation reported by Vice.
The breach comes as cyber attacks gain increasing attention, with ransomware attacks hitting top infrastructure companies such as meat-packing company JBS USA and fuel distributor Colonial Pipeline.

EA’s breach was not a ransomware attack, the spokesperson said.


Source link