Low section of soccer player with ball against goalkeeper showing data breach and sale on hacking forum

Hackers Behind EA Data Breach Are Selling FIFA 21 Source Code on an Underground Hacking Forum

Hackers stole Electronic Arts’ source code for FIFA 21, the Frostbite engine, and game development tools, according to MotherBoard.

Earlier this week, the hackers behind the EA data breach also announced that they were selling about 780 gigabytes of the stolen game source code and tools on an underground hacking forum.

The threat actors shared screenshots of the stolen source code and directory listings to prove the legitimacy of their claims. Additionally, the hackers claim they have Microsoft’s Xbox and Sony’s SDKs and API keys for sale.

Electronic Arts data breach had no impact on business, gaming, or players’ privacy

An EA spokesman acknowledged the data breach that exposed a “limited” number of source code repositories and development tools.

“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy.”

The company added that it did not expect an impact on its business or gaming activity after the data breach.

Additionally, EA disclosed that it was working with law enforcement officials and other experts as part of the ongoing criminal investigation.

Electronic Arts also clarified that the data breach was not a ransomware incident, unlike recent high-profile compromises against Colonial Pipeline and JBS.

Threat actors list stolen data on an underground hacking forum

The threat actors responsible for the EA data breach announced they were selling the stolen data on an underground hacking forum.

For $28 million, they promised potential buyers that they would also transfer the “full capability of exploiting” the video game company to their customers.

“You have full capability of exploiting on all EA services,” screenshots from the underground hacking forum shared by Motherboard read.

Part of the stolen data includes API keys for FIFA 22, Xbox, Sony, and SDK debug tools. The hackers also accessed XB PS and EA pfx and crt with key, according to Bleeping Computer.

Apart from the security details, the hackers also stole FIFA 22, FIFA 21 matchmaking server, and Frostbite engine source codes, proprietary EA frameworks, SDKs, and debug tools.

The game engine is at the core of several games, including FIFA, Battlefield, and Star Wars. However, the hackers did not upload any source code to the underground hacking forum.

Apart from the immediate financial gain, stolen source codes could allow hackers to discover weaknesses in the game engine for future compromise.

When questioned on how they breached the Electronic Arts’ computer network, the hackers declined to reveal their tactics. However, EA said that it had experienced a network outage that allowed the hacker to steal data.

Commenting on EA data breach, Erich Kron, security awareness advocate at KnowBe4, says:

“This incident demonstrates the fact that even high-tech organizations are vulnerable to potential data breaches. In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cybercriminals and offered on the open market.”

Kron noted that if the information contains a significant amount of proprietary information, it could be valuable to competitors.

“Unfortunately, these successful attacks are often a byproduct of human error,” Kron added. “Reused passwords or harvested credentials are common ways for attackers to gain access to systems and networks.”

According to Kron, it was important for organizations to regularly educate employees on various potential attack vectors.

“In addition, robust data loss prevention controls can help spot when sensitive data may be moving out of the victim’s network and play an important role in an organization’s layered security strategy,” he said.

“This sort of breach could potentially take down an organization,” Saryu Nayyar, CEO at Gurucul, said. “Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering.”

Nayyar compared leaking a company’s source code to “virtually taking its life.” Although only a limited amount of source code was exposed, Nayyar said that “the heartbeat has been interrupted, and there’s no telling how this attack will ultimately impact the lifeblood of the company’s gaming services down the line.”