A desperate hacker has begun leaking data stolen from EA servers, including game source code and internal tools, on the Dark Web to force a ransom payment after the gaming giant refused to honour their demand.
In early June, Motherboard reported that a hacker used a Slack token purchased online to infiltrate a server belonging to EA and steal as much as 780GB of data from the gaming giant. The stolen data reportedly included the source code for FIFA 21, the source code for the Frostbite engine used in games such as Battlefield, internal development tools, and software development kits (SDKs).
The hackers used a tried-and-tested phishing trick to get inside the company’s corporate network. First, they purchased stolen cookies for $10 and used the cookie to access one of EA’s Slack channels. In the channel, they got in touch with someone from the IT department and asked for an authentication token to access the corporate network. The hackers posed as an employee who “lost his phone at a party last night.”
After obtaining the authentication token, the hackers entered a server used by developers to compile games, and quickly exfiltrated nearly 800GB of data, using a virtual machine to hasten the process.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy,” EA said after the incident came to light.
“Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation,” it added. The hackers reportedly made a ransom demand which the company refused to honour.
Earlier this week, Vice reported that the hacker, who stole 780GB of data from EA Sports, is now trying to sell around 1.3GB of data on a Dark Web forum in the hope that EA Sports will try to prevent the sale by paying a ransom.
“Few week ago we send email for ransome [sic] to EA but we dont get any response so we will posting the src [source],” the hacker said in a forum post accessed by Vice. “If they dont contact us or dont pay us we will keep posting it.”
“We’re aware of the recent posts by the alleged hackers and we are analyzing the files released. At this time, we continue to believe that it does not contain data that poses any concern to player privacy, and we have no reason to believe that there is any material risk to our games, our business or our players. We continue to work with federal law enforcement officials as part of this ongoing criminal investigation,” EA told Vice.
EA’s refusal to pay a ransom is rare, but not without precedent. In May, Ireland’s Health Service Executive (HSE) absolutely refused to pay a ransom after a major ransomware attack forced it to activate a crisis response plan, shut down all IT systems, and cancel non-essential medical appointments immediately.
HSE said cyber criminals used the human-operated Conti ransomware to target its IT network. “We have been the subject of a very significant, major ransomware attack. It’s a very sophisticated attack. It is impacting all of our national and local systems that would be involved in all of our core services,” HSE chief executive Paul Reid told RTE.
The health service later confirmed that hackers had indeed made a big ransom demand to be paid in Bitcoin, but it refused to pay up. “Ransom has been sought and won’t be paid in line with state policy,” a spokesperson from HSE told the Financial Times.