Gaming Giant EA Suffers Major Data Breach

Hackers have stolen a wealth of data from gaming giant Electronic Arts (EA), including game source code and tools for several popular games, it has been reported.

Cyber-criminals made the claim in blog posts published on underground hacking forums, where they advertised a total of 780GB of data for sale. These posts were viewed and detailed by Motherboard, who EA informed that it had indeed suffered a data breach.

Among the data stolen was the source code for the popular football game FIFA 21 and code for its matchmaking server, and source code and tools for the Frostbite engine, which powers several EA games, including Battlefield. Additionally, the attackers took proprietary EA frameworks and software development kits.

Fortunately, it appears that hackers stole no personal data of customers in the breach, and EA told Motherboard that it does not expect the attack to impact “our games or our business.” This means that players should not be at an increased risk of cyber-attacks, phishing or identity theft.

Tom Van de Wiele, the principal security consultant at F-Secure, explained that the biggest impact of the data theft could that it offers valuable information for EA’s competitors to exploit. He said that “The EA source code and tools have a surprisingly high value to any company that operates in the shadows and want to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else. Especially when those games are released to a limited target group or platform where it is almost impossible to prove any wrongdoing or theft of intellectual property.”

Sam Curry, chief security officer at Cybereason, commented: “Oftentimes, there isn’t a lot of good news or optimism resulting from another global giant being breached. However, in the case of EA, they deal in petabytes of information so the reported amount of stolen data is relatively small in the gaming world. I’m not trying to diminish or minimize this compromise as the source code used to develop EA’s popular games has value to competitors and threat actors looking to sell the info on the darkweb.”

Curry also urged EA to share as many details as possible about how the breach occurred. “From initial reports, customer info, financial info or other proprietary information hasn’t been stolen. Behind the scenes, the threat actors either didn’t ultimately get where they wanted to in the network, or the good guys discovered the compromise early enough to limit the damage,” he said.

“EA should continue to be transparent, share as many details as possible and use this compromise as an opportunity to educate other companies in need of improving their own security hygiene. We should all look forward to hearing more from EA relating to this compromise and they have the opportunity to play the role of hero in this situation, as the role of villain or victim isn’t an option.”

Hackers have increasingly targeted the gaming industry in recent years due to its surging popularity. Researchers revealed they discovered 500,000 breached employee credentials and a million compromised internal accounts on the dark web from gaming firms earlier this year. 

What’s Hot on Infosecurity Magazine?