Hackers Steal FIFA 21 Source Code, Tools in EA Breach - Threatpost

"No player data was accessed, and we have no reason to believe there is any risk to player privacy," the company said. EA did not immediately return an emailed request for comment from Threatpost Friday morning.

Despite EA's downplaying of the incident, the initial source that reported it suggested the breach was indeed quite serious. A report in Vice Motherboard published late Thursday claims hackers posted on a dark web forum that they have taken the source code for EA's FIFA 21 as well as code for its matchmaking server, in addition to numerous other company assets.

That post appears to be available via a Google cached web page from June 6 that bears the headline "We sell the FIFA 21 full src code and tools," asking for a price of $28 million for the 780 gigabyte data dump.

Hackers also claim they have code for many proprietary EA games, frameworks and SDKs, as well as other EA proprietary code and API keys. "You have full capability of exploiting on all EA services," they wrote in the post.

Attack Vector Unknown

The hackers are flogging the data on a number of underground hacking forums, according to Motherboard, which claimed to have viewed various posts for its sale.

At this time EA has not disclosed how attackers breached its network. The company said it already has made unspecified security improvements after it discovered the breach and does not expect the incident to impact its games or its business, according to the statement.

One security expert speculated that attackers probably exploited an unpatched, known vulnerability in EA's network, an all-too-common way for attackers to infiltrate corporate servers.

"It is unlikely that the attackers found a zero-day vulnerability and created their own exploit against a popular used software," observed Candid Wuest, vice president of cyber protection research at data protection firm Acronis, in an email to Threatpost. "It would be more likely that EA did not patch a known vulnerability, as we have seen with many other companies and the Microsoft Exchange ProxyLogon vulnerability in March."

A misconfigured and exposed service also could have been the culprit that allowed attackers to gain access, he said. "Overall it highlights that a comprehensive cyber protection strategy is required in today's threat landscape," Wuest added.

EA is currently working with law enforcement and other security experts as part of an ongoing criminal investigation into the attack, the company said.

Monetization Options

If a significant chunk of the company's intellectual property (IP) has indeed fallen into the wrong hands, the breach could pose long-term problems for EA, giving threat actors numerous options for future exploitation of the data they've stolen, security experts said.

"This sort of breach could potentially take down an organization," Saryu Nayyar, CEO of security and risk analytics firm Gurucul, said in an email to Threatpost. "Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company's service or offering."

With access to EA's IP, there's a lot an attacker can do to capitalize financially on the breach beyond selling it on the dark web, from finding bugs in applications, to directly pirating software, another expert observed.

"In modern cybercriminal enterprises, we're seeing a lot of advanced monetization strategies," said David "Moose" Wolpoff, CTO and co-founder of attack surface management firm Randori. "In the case of this EA attack, I'd wager that we'll see the attackers parsing out access to maximize profits."
