Threat actors leaked data stolen from EA, including FIFA code

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim.

In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data.

The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK, and API keys, XBOX and SONY private SDK & API key, XB PS and EA pfx and crt with key, and FIFA 22 API keys and SDK & debug tools.

Motherboard, who was among the first sites to report the security breach, contacted EA which confirmed the data breach.

BleepingComputer also received a statement from the gaming giant that said it was not hit by a ransomware attack. The company attempted to downplay the data breach saying that only “a limited amount of code and related tools were stolen”, it also added that they expect that the data breach will not impact its business.

The company said that hackers did not access player data, it also added to have already implemented additional security measures.

On July 26, hackers behind the attack have released the entire cache of stolen data after they failed to negotiate with the gaming firm and also to sell the stolen files to other threat actors, reported The Record.

The data has been initially leaked on a cybercrime forum, but now copies of the stolen data are circulating on different underground sites.

The Record that analyzed a copy of the dump confirmed that the archive contains the source code of the FIFA 21 game.

“According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services” states The Record.

The hackers used stolen authentication cookies for an EA internal Slack channel that were bought in the Genesis black marketplace. Then the attackers tricked an EA IT support staffer into granting them access to the EA internal network.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, EA)

[adrotate banner=”5″]

[adrotate banner=”13″]