It is no new news that video companies get hacked sometimes and their data gets stolen. Electronic Arts seems to be the latest prey for cyber attackers and online piracy. Electronic Arts (EA), the giants behind video games such as Battlefield, Need for Speed, The Sims, Medal of Honor, Command & Conquer, Dead Space, Mass Effect, Dragon Age, Army of Two, Titanfall, and Star Wars, as well as the EA Sports titles FIFA, Madden NFL, NBA Live, NHL, and EA Sports UFC had source code to ‘FIFA 2021’ and Frostbite engine stolen by hackers and online pirates.

Summary

• Valuable information stolen
• The hackers claims
• No player data accessed
• Video game companies are being targeted by hackers
• Onsist’s recommendation

Valuable information stolen

The hackers have claimed that they have stolen the source code for ‘Fifa 21’ and both the source code and tools for EA’s proprietary Frostbite game engine, which is used as the base for many other high-profile games. Games such as the Battlefield series and several recent Star Wars games from EA.

Some of the other assets the hackers claim they took from the company include several software development kits and proprietary EA frameworks. In total 780 Gigabytes (GB) of data was stolen, first reported by Vice. 

The cyber attackers claims

The hackers have since written their claims in various posts on underground hacking forums which are locked from public view. A source with access to some of those forums provided Motherboard with screenshots of the hackers messages. 

Here is a list of what the hackers have claimed so far – 

• They have claimed to take the source code for FIFA 21, as well as code for its matchmaking server
• The hackers shared a few screenshots, which they are using to claim to demonstrate their access to EA data, but did not publicly distribute any of the internal data itself
• The hackers claim to have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield
• Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined
• At present the hackers are trying to sell the information they have stolen in various underground hacking forum posts
• “Only serious and rep (reputation) members all other would be ignored,” the hackers wrote in their post

Source: Vice

No player data accessed by cyber attackers

EA has since confirmed the report to Motherboard that it was the victim of a data breach and that the data the publication saw online was what was stolen from it. 

“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson said in a statement.

“No player data was accessed, and we have no reason to believe there is any risk to player privacy,” she added.

The company said it had already improved security and stated that it did not expect “an impact on our games or our business”.

Law enforcement has also been contacted.

The “network intrusion” was not a ransomware attack and had happened recently, EA added.

Video game companies are being targeted by cyber attackers

This attack on EA by hackers was the recent one out of many high profile attacks on other giant gaming companies since the past few years.

In April 2020, the children’s game Webkinz World made by Canadian toy company Ganz, was attacked by an anonymous hacker who leaked the usernames and passwords of around 23 million online players. The hacker supposedly accessed the game’s database using an SQL injection flaw found in one of the site’s web forms.

In June 2020, Nintendo had 300,000 customer accounts compromised in a cyberattack.The hackers accessed the Nintendo Network ID accounts of game players who used the same passwords on their Nintendo and Nintendo Network accounts. As a result, the hackers could have bought items at the My Nintendo store or the Nintendo eShop using virtual funds or money from a linked PayPal account.

In November last year, Capcom, the maker of Street Fighter and Resident Evil, suffered a ransomware attack which may have revealed the personal information of up to 350,000 people.

In February 2021, Polish video game company CD Projekt, the makers of Witcher 3 and Cyberpunk 2077 was the prey of a ransomware attack by cybercriminals. The attackers claimed that they obtained the source code for the video games Cyberpunk 2077, Witcher 3, Gwent and an unreleased version of Witcher 3. After CD Projekt refused to pay the ransom, the hackers auctioned the source code and other confidential data with a reported starting price of $1 million and a buy-it-now price of $7 million.

Onsist’s recommendation

Onsist recommends to up your cybersecurity by monitoring the deep and dark web. Onsist offers services that can detect dark web threats, pick up on attackers and their intentions, and avert future attacks.

• Dark Web Monitoring: Monitor and look for online threats that are hiding on hidden sources such as data breach archives, illegitimate and illegal forums, and dark web marketplaces. Find out about groups that are targeting your brand, business or person and why they are doing it. Be right there when compromised data is leaked, take action and prevent future attacks.
• Monitoring 24/7: With Onsist’s Threat Intelligence and Dark Web Monitoring services, your team will be able to monitor the deep and dark web 24/7. Whenever a new threat or leak has been identified, you will get notified.