Electronic Arts has confirmed that it has become a victim of hackers.
Hackers managed to obtain more than 780 GB of company data, including the source code of the Frostbite engine, which powers the games FIFA, Madden NFL and Battlefield. EA confirmed that they had stolen “a limited amount of the game’s source code and associated tools,” but assured that the data on the players themselves did not fall into the hands of hackers. Since then, the company has improved security measures.
Electronic Arts emphasizes that this incident will not affect its business and games. Although experts believe that in the future it is possible to hack games that run on this engine, and this is a significant financial loss. Moreover, hackers intend to sell the received information.
The hackers themselves, responsible for the hacking, told reporters a detailed diagram of how they did it. They first bought a cookie, stolen from an Electronic Arts employee, and used it in a corporate Slack chat. Then they contacted the IT support service of the company and, introducing themselves as an employee, talked about a smartphone with a multi-factor authentication token allegedly lost at a party in a closed EA corporate network. After that, the support service issued them a new token, which became an entrance ticket to the closed Electronic Arts network.
On this network, hackers connected to the corporate database, created a virtual machine for better orientation and gain access to another service. Through it, hackers stole the source code of the engine.
Electronic Arts confirmed that, in general, the described scheme is true.