Electronic Arts Servers Hack was Easier Than You Might Think
The hackers responsible for breaking into EA's servers have shared information on how the whole process went. From their description it seems that the procedure was not particularly complicated and did not require specialized knowledge, but... cleverness.
- The hackers who broke into EA's servers have shared a description of the entire process;
- As it turns out, the login credentials to the corporate network were obtained from an employee of the technical department of the company, using Slack;
- The hackers stole the source codes for FIFA 21 and Frostbite technology, as well as documentation on creating digital crowds in the company's soccer games, among other things.
Yesterday we informed about the hack on Electronic Arts' servers. As a result, hackers acquired, among other things, source codes for FIFA 21 and Frostbite technology. Today, Motherboard, which managed to contact the perpetrators, has revealed information on how the theft process went (via VICE). As it turns out - since the days of the famous Kevin Mitnick little has changed in the hacking, because once again, the human factor failed first and foremost.
The first step taken by the hackers was to purchase (for $10) stolen cookies, which stored login credentials for Slack, used by the corporation. Then, impersonating an EA employee, they contacted the help desk, which they informed of having lost their phone "at last night's party" and asked for a multi-factor authentication token for the corporate network. Interestingly, they succeeded in doing this... twice.
Having accessed the network, hackers easily found a service created for programmers to compile games. After that, all they had to do was to create a virtual machine, gain access to yet another service and download the data they were interested in (weighing 780 GB). Motherboard reports that to support their words, the hackers provided screenshots showing the various stages of the intrusion; including conversations via Slack. The above description of the entire process was also confirmed by Electronic Arts.
Motherboard reports that in addition to the source code of FIFA 21 and the Frostbite engine, the attack enabled hackers to acquire the documentation on how to create digital crowds in games from the FIFA series and AI in EA games, as well as on game footage for PlayStation VR.