Hackers Steal FIFA 21 Source Code, Tools in EA Breach - Threatpost
|Threatpost 11 Jun 2021 at 08:56|
"No player data was accessed, and we have no reason to believe there is any risk to player privacy," the company said. EA did not immediately return an emailed request for comment from Threatpost Friday morning.
Despite EA's downplaying of the incident, the initial source that reported it suggested the breach was indeed quite serious. A report in Vice Motherboard published late Thursday claims hackers posted on a dark web forum that they have taken the source code for EA's FIFA 21 as well as code for its matchmaking server, in addition to numerous other company assets.
That post appears to be available via a Google cached web page from June 6 that bears the headline "We sell the FIFA 21 full src code and tools," asking for a price of $28 million for the 780 gigabyte data dump.
Hackers also claim they have code for many proprietary EA games, frameworks and SDKs, as well as other EA proprietary code and API keys. "You have full capability of exploiting on all EA services," they wrote in the post.
Attack Vector Unknown
The hackers are flogging the data on a number of underground hacking forums, according to Motherboard, which claimed to have viewed various posts for its sale.
At this time EA has not disclosed how attackers breached its network. The company said it already has made unspecified security improvements after it discovered the breach and does not expect the incident to impact its games or its business, according to the statement.
One security expert speculated that attackers probably exploited an unpatched, known vulnerability in EA's network, which is an all-too-common way for attackers to infiltrate corporate servers.
"It is unlikely that the attackers found a zero-day vulnerability and created their own exploit against a popular used software," observed Candid Wuest, vice president of cyber protection research at data protection firm Acronis, in an email to Threatpost. "It would be more likely that EA did not patch a known vulnerability, as we have seen with many other companies and the Microsoft Exchange ProxyLogon vulnerability in March."
A misconfigured and exposed service also could have been the culprit that allowed attackers to gain access, he said. "Overall it highlights that a comprehensive cyber protection strategy is required in today's threat landscape," Wuest added.
EA is currently working with law enforcement and other security experts as part of an ongoing criminal investigation into the attack, the company said.
If a significant chunk of the company's intellectual property (IP) has indeed fallen into the wrong hands, the breach could pose long-term problems for EA, giving threat actors numerous options for future exploitation of the data they've stolen, security experts said.
"This sort of breach could potentially take down an organization," Saryu Nayyar, CEO of security and risk analytics firm Gurucul, said in an email to Threatpost. "Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company's service or offering."
With access to EA's IP, there's a lot an attacker can do to capitalize financially on the breach beyond selling it on the dark web, from finding bugs in applications, to directly pirating software, another expert observed.
"In modern cybercriminal enterprises, we're seeing a lot of advanced monetization strategies," said David "Moose" Wolpoff, CTO and co-founder of attack surface management firm Randori. "In the case of this EA attack, I'd wager that we'll see the attackers parsing out access to maximize profits."