[TheRecord] Hackers leak full EA data after failed extortion attempt

The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer.

The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites.

According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services.

How the EA breach took place

The existence of this leak was initially disclosed on June 10, when the hackers posted a thread on an underground hacking forum claiming to be in possession of EA data, which they were willing to sell for $28 million.

In an interview with Motherboard, the hackers claimed to have gained access to the data after buying authentication cookies for an EA internal Slack channel from a dark web marketplace called Genesis.

The hackers said they used the authentication cookies to mimick an already-logged-in EA employee’s account and access EA’s Slack channel and then trick an EA IT support staffer into granting them access to the company’s internal network.

From there, the hackers then proceeded to download more than 780GB of source code from the company’s internal code repositories.

While initially, the hackers hoped to earn a big payday from the EA hack, they failed to find any buyers on the underground market, as the stolen data was mostly source code that lacked any value for other cybercrime groups, most of which are interested in user personal or financial data primarily.

After failing to find a buyer, the hackers tried to extort EA, asking the company to pay an undisclosed sum and avoid having the data leaked online.

Initially, they released a cache of 1.3GB of FIFA source code on July 14, only to release the entire data two weeks later after EA shunned their threats.

In a statement sent to The Record after the release of the full data, EA confirmed that “no player data was accessed” during the hackers’ intrusion and the company has “no reason to believe there is any risk to player privacy” as a result of the leak.

“Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business,” an EA spokesperson told The Record. “We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”

Screenshots from the leaked data are available below.

Image: The Record
Image: The Recor
Image: The Record
Image: The Record
Image: The Record
Image: The Record
Image: The Record

The post Hackers leak full EA data after failed extortion attempt appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ESET] Week in security with Tony Anscombe

All posts, ESET feed

ESET Research finds another data wiper in Ukraine – Securing data centers against threats – A cultural divide between the military and Silicon Valley The post Week in security with Tony Anscombe appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[ESET] Bluetooth bugs could allow attackers to impersonate devices

All posts, ESET feed

Patches to remedy the vulnerabilities should be released over the coming weeks The post Bluetooth bugs could allow attackers to impersonate devices appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[ZDNet] Take these steps to prepare for and handle the cybersecurity effects of the war in Ukraine

All posts, ZDNet

CISOs and their teams in Europe and worldwide are already experiencing cybersecurity impacts from the war in Ukraine. Here are the cybersecurity-related steps to take right now. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.