Posted on August 3, 2021 at 5:09 PM
A few weeks ago, some hackers stole the entire source code for EA’s popular FIFA21 video game. But a recent report shows that those hackers have decided to post the source code on the darknet after failing to get a ransom payment from the gaming platform. They are also releasing it for free after failing to get a buyer for the code.
When the hacking incident occurred in June, the threat actors used a unique hacking method to access the game’s code. Initially, they stole cookies worth $10 to gain access to the official EA slack channel.
Afterward, they convinced an IT worker in the firm and pretended that they were employees there. They claimed to have lost access to their account. Subsequently, the IT staff unknowingly enabled them to surf through EA’s network, stealing about 780GB of the firm’s source code in the process.
A failed extortion attempt
After gaining access to the data, the threat actors posted the stolen data on the darknet for sale. But they did not receive any bids for the data, since it doesn’t have any details like personal information or financial details. Stolen data with personal or financial information usually have high demand in the market. Most times, the buyers use them for further phishing attacks and identity theft.
Shortly after the attack, the threat actors revealed that they planned to sell the data for $28 million. When the threat actors couldn’t find a buyer for the data, they decided to demand ransom from the victimized company.
They contacted EA and offered them the chance to buy the data to prevent its full leak. However, that did not work out well for the hackers as the company ignored the ransom requests completely.
When they realized that the gaming company is not giving them any attention, they released 1.3 GB of the source code, hoping to create a sense of urgency for the ransom negotiation to begin. But that too did not yield any positive results for them.
As a result, the threat actors, with no other option, have decided to offer the data for free on the darknet. The data is now heavily being distributed across different darknet sites as well as on torrent sites.
During the initial discovery of the hacking incident, EA informed its customers that the stolen data does not contain any customer details and they shouldn’t worry about their security.
“We’ve already made security improvements and do not expect any impact on our games or our business,” the gaming firm said at the time. The company reiterated that all customer details are safely kept in their portal and none of them were compromised by the hacking incident.
EA Not Too Concerned About The Breach
EA strongly believes that the data breach will not have any meaningful effect on its business since it has covered its platform with improved security. After the breach, EA upgraded its security infrastructure to fortify and prevent any subsequent attacks on its systems.
The video game company also noted that the threat actors were unable to have access to any data of its employees or player data.
However, the company says it contacted law enforcement as it’s the right thing to do doing such incidences. The firm says it is currently working with law enforcement and other related bodies to fully investigate the incident.
According to reports on the incident, the stolen data contains the source code of the “FIFA 21”. It also includes the tools required to support EA’s server-side services.
Now that the threat actors have released all the data to the public for free, people may likely use the code to play FIFA 21 on their systems without connecting through EA. However, those who want to stay legal while playing the game are advised to stay off buying a copied content.