Hackers Steal FIFA 21 Source Code, Tools in EA Breach

Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.

Hackers have breached computer game maker Electronic Arts (EA) and stolen source code and related tools for the company’s extensive game library, the company has confirmed.

EA said it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” according to a statement published in numerous online reports. The longtime game developer is known for titles such as The Sims, Madden NFL and FIFA 21.

“No player data was accessed, and we have no reason to believe there is any risk to player privacy,” the company said. EA did not immediately return an emailed request for comment from Threatpost Friday morning.

Despite EA’s downplaying of the incident, the initial source that reported it suggested the breach was indeed quite serious. A report in Vice Motherboard published late Thursday claims hackers posted on a dark web forum that they have taken the source code for EA’s FIFA 21 as well as code for its matchmaking server, in addition to numerous other company assets.

That post appears to be available via a Google cached web page from June 6 that bears the headline “We sell the FIFA 21 full src code and tools,” asking for a price of $28 million for the 780 gigabyte data dump.

The web page, which was emailed to Threatpost, lists a raft of stolen information, including the FIFA 21 matchmaking server, FIFA 22 API keys and some SDK and debugging tools, as well as the source code for FrostBite, the engine that powers other EA games, including Battlefield, and related debugging tools.

Hackers also claim they have code for “many proprietary EA games, frameworks and SDKs,” as well as other EA proprietary code and API keys. “You have full capability of exploiting on all EA services,” they wrote in the post.

Attack Vector Unknown

The hackers are flogging the data on a number of underground hacking forums, according to Motherboard, which claimed to have viewed various posts for its sale.

At this time EA has not disclosed how attackers breached its network. The company said it already has made unspecified security improvements after it discovered the breach and does not expect the incident to impact its games or its business, according to the statement.

One security expert speculated that attackers probably exploited an unpatched, known vulnerability in EA’s network, an all-too-common way for attackers to infiltrate corporate servers.

“It is unlikely that the attackers found a zero-day vulnerability and created their own exploit against a popular used software,” observed Candid Wuest, vice president of cyber protection research at data protection firm Acronis, in an email to Threatpost. “It would be more likely that EA did not patch a known vulnerability, as we have seen with many other companies and the Microsoft Exchange ProxyLogon vulnerability in March.”

A misconfigured and exposed service also could have been the culprit that allowed attackers to gain access, he said. “Overall it highlights that a comprehensive cyber protection strategy is required in today’s threat landscape,” Wuest added.

EA is currently working with law enforcement and other security experts as part of an ongoing criminal investigation into the attack, the company said.

Monetization Options

If a significant chunk of the company’s intellectual property (IP) has indeed fallen into the wrong hands, the breach could pose long-term problems for EA, giving threat actors numerous options for future exploitation of the data they’ve stolen, security experts said.

“This sort of breach could potentially take down an organization,” Saryu Nayyar, CEO of security and risk analytics firm Gurucul, said in an email to Threatpost. “Game source code is highly proprietary and sensitive intellectual property that is the heartbeat of a company’s service or offering.”

With access to EA’s IP, there’s a lot an attacker can do to capitalize financially on the breach beyond selling it on the dark web, from finding bugs in applications to directly pirating software, another expert observed.

“In modern cybercriminal enterprises, we’re seeing a lot of advanced monetization strategies,” said David “Moose” Wolpoff, CTO and co-founder of attack surface management firm Randori. “In the case of this EA attack, I’d wager that we’ll see the attackers parsing out access to maximize profits.”
