Unsuccessful in obtaining ransom, hackers published data stolen from Electronic Arts

In mid-June, it was reported that unknown attackers had hacked Electronic Arts and stolen more than 750 GB of data, including game source codes and debugging tools.

Then the representatives of the company confirmed the fact of hacking and data leakage, however, they emphasized that it was not about the ransomware attack.

The cybercriminals, in turn, wrote that they had access to all EA services and offered anyone who wanted to buy stolen data for $28,000,000, and the buyer allegedly received “the opportunity to fully exploit all EA services” as a bonus.

In an interview with Vice Motherboard, the hackers said they got access to the data after purchasing authentication cookies for the company’s internal Slack channel on the Genesis marketplace.

The hackers claimed to have stolen massive volumes of data from the EA network, including:

• server sources for searching FIFA 21 matches;
• FIFA 22 API keys, SDK and debugging tools;
• source code of the FrostBite game engine and debugging tools;
• debugging tools, SDK and API keys;
• own EA game frameworks;
• Private SDK and API key for Xbox and Sony;
• XB PS and EA pfx and crt with key.

According to The Record, the hackers were never able to get a ransom from the company or sell the stolen files to a third-party buyer. The fact is that the stolen data was of no value to other criminals, since it did not contain either personal or financial data of users. As a result, on July 26, the stolen data was freely published on a popular hack forum, and then torrent trackers appeared.

Journalists who had a copy of the dump write that it contains the source code of the FIFA 21 game, including tools to support the company’s server services.

Electronic Arts representatives say that user data was not available to hackers at the time of the hack, so “there is no reason to believe that there is any risk to the privacy of the players.” The company also reiterated that the attack had no impact on EA’s games and business, and law enforcement agencies and third-party information security experts are working to investigate the incident.

The Record journalists published screenshots of the leaked data.

Let me remind you that that Hackers used Slack to hack Electronic Arts computer systems.