Yesterday we learned that Electronic Arts had been the victim of a hacker attack. The Redwood City team had 780GB of data stolen, including the FIFA 21 source code, the Frostbite engine code, and many other software tools. Today, also through Vice, we know exactly how hackers managed to circumvent EA’s security barriers.
Hackers began buying stolen cookies for $ 10. As you know, the cookie information saves the user’s login data, so with those cookies they could impersonate another EA user and enter EA Slack (the communication platform within the company).
On Slack, they contacted EA helpdesk, telling them they lost their cell phone at a party the previous night. From them they obtained a authentication token with which they entered the EA database, from which they could obtain all the data they wanted.
The hackers provided screenshots to Vice to explain their story, which was corroborated by EA, who also contacted Vice, who was the “go-between” in this strange case. Vice also received some captures of the information stolen by the hackers, including “materials on PlayStation VR, on how they create crowds in FIFA and documents on Artificial Intelligence in their games.”
EA confirmed, yes, that users’ personal data was not compromised.
The intention of the hackers, as explained yesterday, is to sell this data in forums, and they have no intention of making them public. EA, for its part, is speaking with specialists legal authorities in the criminal investigation of this case of ransomware, similar to the one that suffered Capcom a few months ago or the one is also suffering CD Projekt… although in this case, it includes sensitive information from workers.