In the recent reports, hackers broke into the systems of EA and stole source code used in company games. This incident reportedly happened on June 6th, 2021. The hacker claimed to have obtained 780 gigabytes of data from EA, including the Frostbite source code, which is the game engine that powers the FIFA Madden Battlefield series of video games, among others.
The hackers claimed to offer "full capability of exploiting on all EA services." They also claimed to have stolen software development tools for FIFA 21 and server codes for player matchmaking in FIFA 22.
Brett Callow, the cybersecurity expert and a threat analyst at Emsisoft said losing control over source code could be problematic for EA's business.
"Source code could, theoretically, be copied by other developers or used to create hacks and potential backdoors for games,"
"Hackers can comb through the code, identify deeper flaws for the exploit, and sell that previous code on the dark web to malicious threat actors."
Player data was not compromised in the breach, and the EA spokesperson confirmed.
"We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," the EA spokesperson said.
"No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we've already made security improvements and do not expect any impact on our games or business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."
The EA spokesperson further confirmed that the EA breach was not a ransomware attack.
“This incident demonstrates the fact that even high-tech organisations are vulnerable to potential data breaches," known security advocate Erich Kron.
"In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cybercriminals and offered on the open market. Interestingly, at this time, it appears they did not attempt to ransom the data back to EA but instead chose to offer it to the highest bidder. Suppose this data includes a significant amount of proprietary information. In that case, it may be valuable to competitors, or it may include information or vulnerabilities that could be used in future attacks against EA products or customers with installed EA games."
"Unfortunately, these successful attacks are often a byproduct of human error. Reused passwords or harvested credentials are common ways for attackers to gain access to systems and networks. For this reason, it is a wise move for organisations to regularly educate employees about potential attack vectors and the importance of being vigilant for attacks that may target them. In addition, robust Data Loss Prevention controls can help spot when sensitive data may be moving out of the victim's network and play an important role in an organisation's layered security strategy.”