Stolen codes from FIFA 21 are sold on the dark web
Cybercriminals who stole data from the video game company Electronic Arts (EA) leaked the code on the dark web. This came after a fruitless attempt to extort the gaming company. Reports say that the 780GB worth of data includes stolen codes from FIFA 21. The hackers initially tried to blackmail the company for $28 million. However, they failed to agree with EA over payments and released the massive data online.
Now, in June, the criminals hacked EA and leaked the full cache of data on a dark market forum. The stolen codes were however released on 26th July. Since then, the data has circulated on several torrent sites. Moreover, The Record's report says the data contains tools that support EA's server-side services and FIFA 21 source codes.
How Did the Hackers Access the Data?
Motherboard interviewed a member of the hackers back in June to talk about the breach. The hackers' representative gave some insights on how they got access to the data. The representative said that they bought stolen authentication cookies for the company's Slack channel. The cookies were sold in the Genesis dark market for $10. They used the cookies to duplicate an EA worker's account and accessed the company's Slack channel.
Afterwards, cybercriminals deceived an IT support staff into giving them access to the company's internal code archives. At first, the hackers expected to trade the stolen data on the black market for a substantial sum. Even so, there were no buyers interested in the cache data forcing them to blackmail the company.
Reactions of the EA Company on the Stolen Codes from FIFA 21
The Electronics Art company reached out to the public and confirmed the hack. EA explained that this wasn't a ransomware attack. Therefore, the breached files didn't contain any player data or personal information.
While talking to CNET, EA's spokesperson said, "We are investigating a recent incident of intrusion into our network, where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we've already made security improvements and do not expect an impact on our games or our business. "
The Hackers claim on The Stolen Codes
The breached cache data first surfaced on the dark market and underground forums on 11th June. The hackers claimed they stole Application Programming Interface keys for newer versions of FIFA. Moreover, they said they possessed software development kits (SDKs) for PlayStation and Xbox consoles. They also claim to have high-value EA games source codes, including Madden and Battlefield.
The hackers threatened to publish the data online if the company failed to comply with their demands. Consequently, the hackers released nearly 1.3 GB of source data on 14th July. This was an attempting to force the company to pay up. However, EA refused to make any payments.
Initially, the cyber criminals demanded to be paid cryptocurrency worth $28 million for the stollen cache data. The breach gave them access to about 780GB worth of data. However, the California-based gaming company refused to pay the ransom as the stolen data did not contain any sensitive information.