750GB of data stolen in Electronic Arts (EA) breach

Electronic Arts (EA), the company behind such games as The Sims and FIFA, has reportedly been a victim of a cyberattack during which hackers were able to steal 750GB of data, including game source codes and internal tools. The stolen data is being sold for $28 million, with hackers promising “full capability of exploiting on all ea services”.

 

Image: Maxim Abramov

EA has confirmed that the company was indeed a victim of an attack but quickly reassured that no player data was accessed. The attack itself should also not have an impact on their video games or business, according to EA. Very little information is currently known about the attack and how exactly the hackers were able to get access to EA’s network, though the game developer refuted claims that ransomware is responsible.

“No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation” an EA spokesperson told Motherboard.

According to the hackers currently selling the data, they were able to steal the following:

• Debug tools, SDK and API keys;
• FIFA 21 matchmaking server code;
• FIFA 22 API keys and SDK, as well as debugging tools;
• FrostBite game engine source code and debug tools;
• proprietary EA game frameworks;
• XBOX and SONY private SDK & API key;
• XB PS and EA pfx and crt with key.

Screenshots of directory listings and source code were also shared to serve as proof that the data being sold is legitimate. The data dump is reportedly 780GB and is currently being sold for $28 million. It’s still early to tell how much of an impact the cyberattack will have on the company and its video games. It would not be the first time for a company to downplay an incident only to later reveal that the impact may be much more severe than initially reported.

Other video game companies have also been targeted by cyberattacks

EA is not the first video game company to be targeted by cybercriminals. Polish game developer CD Projekt Red suffered a ransomware attack in February 2021, and it too had game source codes stolen during the attack. The hackers, identified as the HelloKitty ransomware gang, demanded that the Witcher 3 developer pay a ransom to not leak the stolen data. CD Projekt Red refused to pay anything, and true to their word, the hackers tried to sell the information they had stolen. In a new statement released on June 10, 2021, the game developer said the cyberattack may have been more serious than initially reported.

According to the statement posted on Twitter, the stolen data is currently being circulated on the Internet and while the company cannot confirm this, it believes that the information may include current/former employee and contractor details, as well as game data.

“We are not able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach,” the statement reads.