Hackers have compromised the network of the gaming giant Electronic Arts (EA) and claim to have stolen approximately 780 GB of data.
The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK, and API keys, XBOX and SONY private SDK & API key, XB PS and EA pfx and crt with key, and FIFA 22 API keys and SDK & debug tools
Motherboard, who was among the first sites to report the security breach, contacted EA which confirmed the data breach.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson told Motherboard in a statement. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
BleepingComputer also received a statement from the gaming giant that said it was not hit by a ransomware attack. The company attempted to downplay the data breach saying that only “a limited amount of code and related tools were stolen”, it also added that they expect that the data breach will not impact its business.
The company said that hackers did not access player data, it also added to have already implemented additional security measures.
At the time of this writing, it is not clear how the threat actor compromised the network of Electronic Arts.
BleepingComputer was also able to contact the threat actor selling EA the stolen data who is offering the full FIFA source, EA game clients, and EA in-game points.
According to the messages left by the threat actor on multiple hacker forums, stolen data could give attackers the capability of compromising all EA services.
“You have full capability of exploiting on all EA services,”
The hackers shared some screenshots as proof of the hack, but did not publicly share any data sample.
“Only serious and rep members all other would be ignored,” the hackers wrote in their post.
(SecurityAffairs – hacking, Electronic Arts)