Gaming giant Electronic Arts was hacked last month, when a group of hackers had stolen precious source codes for some well-known labels, among other things. And now, it has come to light that the same hackers have leaked the entire cache of the breached EA source codes, after their extortion attempts failed.
A Smart Plan
The perpetrators had apparently tried to extort money from the company, with plans to eventually sell the data files to a third-party. But on Monday, the same files were dumped on an underground forum for cybercriminals, making it easily accessible to one too many torrent sites. The files contain the source code to FIFA 21, a wildly popular soccer game, and also include specific server-side tools.
The leak was first made public on June 10, with the hackers revealing the news on an underground hacker forum, while claiming it to be worth as much as $28 million. Following this, the group had informed Motherboard that they had bought authentication cookies to an EA Slack channel through Genesis, a marketplace on the Dark Web.
These cookies were said to have mimicked the account of an already logged-in EA employee, which then provided the hackers with the access they needed to break into the channel.
They then proceeded to “trick” an IT support staff at EA, making the person grant them access to the internal network of the firm. It was apparently a cakewalk after that, as the criminals downloaded more than 780GB worth of source codes, directly from the firm’s repositories.
But No One Was Interested
They had hoped that the stolen data would bring in a fat sum of money on the Dark Net, buy their plans tanked when buyers realized that the source codes didn’t really carry much value in them, especially since no personal or confidential user data were breached. The hackers then restored to trying the extort EA itself, but this flight didn’t take off, either, it seems. And that is why the hackers leaked the entire set of breached EA source codes.
Initially, the hackers leaked 1.3GB of the source code to FIFA on July 14, followed by the release of the entire set two weeks later. However, the group has confirmed that user data was not compromised, and so, player privacy should not be at risk.
Meanwhile, EA itself has said that it has amped up the security surrounding its games and codes, and has added that it doesn’t expect the incident to have any significant bearing on its business. A criminal investigation is still going on, and the company is “actively working with law enforcement officials” for the same.
Source: The Record