Hackers Dump Stolen FIFA 21 Code Online After Failing to Obtain a Ransom

Hackers who breached Electronic Arts (EA)’s systems a while back to steal FIFA 21 source code have released all of their data online after EA refused to pay a ransom. The hackers had earlier reached out to third-party buyers, who also declined to purchase the stolen data.

Earlier, EA had tried to downplay the incident. However, reports emerged that revealed that the breach was indeed serious. A separate report even indicated that the hackers had posted on a dark web page that they had obtained the source code for EA’s FIFA 21 in addition to various other assets of the company. 

Murky History

At the beginning, it was unclear how the hackers accessed the network. In response to the question of the origin of the attack, the company stated that it was making some unspecified modifications to its systems to mitigate the effects of the breach and forestall future occurrences. While not addressing the challenge specifically, EA reassured customers that the breach would not impact its services. In addition, the company revealed that it was working with security and law enforcement agents to handle the breach.

However, some sources have revealed that the breach could have originated from a zero-day vulnerability on EA’s network. Zero-day vulnerabilities are all too common in these types of attacks because of the absence of patches to tackle them. This is the view of Candid Wuest, Vice President of Acronis, a cyber protection research firm. He stated that the breach may have also resulted from EA’s reluctance to patch a known vulnerability.

Eventually, concrete evidence emerged which revealed that the hackers gained access by infiltrating EA’s internal Slack channel. In an interview with Motherboard, the hackers revealed that they gained access by buying authentication cookies from an online platform they simply referred to as Genesis. The cookies allow anyone to gain access to the Slack channel because they hold login credentials of EA users. Thus, they mimicked an EA staff member who was already logged in and eventually tricked an EA IT staff member into granting them access to the company’s internal server. Upon gaining access, they proceeded to download the large cache of data.
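A defender's view of the cookie reuse described above, as an added example that is not from EA, Slack or the original article: it flags a session whose cookie is later presented by a client that differs from the one that logged in. The event fields, the /24 network heuristic and the sample events are assumptions constructed for illustration.

```python
"""Added example: flag a session cookie presented by a different client than
the one that logged in. Field names and events are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Event:
    ts: int            # epoch seconds
    session_id: str    # opaque identifier derived from the session cookie
    user: str
    ip: str
    user_agent: str
    action: str        # "login" or any later authenticated request

def same_network(a: str, b: str, prefix: int = 24) -> bool:
    """Treat addresses in the same /24 as one client network (assumption, IPv4 only)."""
    return ip_address(b) in ip_network(f"{a}/{prefix}", strict=False)

def find_replayed_sessions(events):
    """Return (session_id, user, reasons) for sessions reused from a new client."""
    baseline, findings = {}, {}   # session_id -> login Event / (user, reasons)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "login":
            baseline[ev.session_id] = ev
            continue
        first = baseline.get(ev.session_id)
        reasons = set()
        if first is None:
            # Cookie in use with no login on record: imported, or login predates the logs.
            reasons.add("no_login_seen")
        else:
            if ev.user_agent != first.user_agent:
                reasons.add("user_agent_changed")
            if not same_network(first.ip, ev.ip):
                reasons.add("network_changed")
        if reasons:
            findings.setdefault(ev.session_id, (ev.user, set()))[1].update(reasons)
    return [(sid, user, sorted(r)) for sid, (user, r) in sorted(findings.items())]

# Constructed sample events (documentation IP ranges, made-up users).
SAMPLE = [
    Event(1000, "s-aaa", "alice", "198.51.100.10", "Mozilla/5.0 (Windows NT 10.0) Chrome/91", "login"),
    Event(1060, "s-aaa", "alice", "198.51.100.23", "Mozilla/5.0 (Windows NT 10.0) Chrome/91", "post_message"),
    Event(5000, "s-aaa", "alice", "203.0.113.77", "Mozilla/5.0 (X11; Linux x86_64) Firefox/89", "post_message"),
    Event(1200, "s-bbb", "bob", "192.0.2.5", "Mozilla/5.0 (Macintosh) Safari/14", "login"),
    Event(1300, "s-bbb", "bob", "192.0.2.9", "Mozilla/5.0 (Macintosh) Safari/14", "read_channel"),
]

if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE):
        print(finding)
```

Legitimate users also change networks and browsers, so a finding is best treated as a trigger for re-authentication or session revocation, not as proof of compromise.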

Blackmail Attempts

Beginning on June 10, the hackers demanded $28 million for their 780GB worth of data. The criminals threatened to release the data online if EA did not agree to their demands. However, EA did not budge. According to the company, there were no sensitive user credentials in the data the hackers had access to. Furthermore, the company reassured its customers that it had already taken steps to make sure the breach did not impact the games or their business. Hence, customers had nothing to fear.

The hackers then decided to auction off the data to third parties on the black market in a bid to monetize the stolen data. This also did not get the attention they expected. Buyers were not interested in purchasing data that held no sensitive customer information, as it would be ineffective for use in criminal activity.

As a last resort, the hackers uploaded the data online so that anyone could access it. The data contains the source code of FIFA 21 and other tools that support the company’s other services. The hackers dumped the data cache in an underground forum on July 26, after posting snippets on July 14. The cache has received massive engagement, especially from torrenters.

This does not harm EA in any great way. Players can play FIFA 21 games on their own server without having to obtain consent from EA. However, that is the extent of the benefits the stolen data can afford anyone. Even so, it would be ill-advised for players to explore this option because it could potentially expose them to vulnerabilities of their own. The best approach is still to purchase a copy of the game directly from EA’s website.

Future Breaches

The challenge is far from over for EA. Source code is an important part of a company’s intellectual property. A breach such as the one witnessed portends future challenges beyond just selling the code to interested third-party buyers on the black market or maliciously releasing it online, as the hackers did in this case.

According to Saryu Nayyar, CEO of Gurucul, a security and analytics firm, the sort of breach EA experienced has the potential to bring a company to its knees. In Nayyar’s opinion, “Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering.” Nonetheless, if EA is to be believed, then customers have nothing to worry about in the future.
