Electronic Arts was in the news recently for the recent reveal of the “Battlefield 2042” trailer, but shortly after, they fell victim to another data breach. And the hackers found their way in via a surprising method.
(Photo : Pavlo Gonchar/SOPA Images/LightRocket via Getty Images)
UKRAINE – 2021/04/23: In this photo illustration, Electronic Arts (EA) logo of a US video game company is seen on a smartphone and a pc screen.
GameRant reports that the recent Electronic Arts hack was achieved using the popular workplace management software Slack. The information about the hacking method apparently came from the hackers themselves, who spoke with tech news outlet Vice.
According to them, they achieved the hack by first buying stolen website cookies for $10 a pop. They then used the cookies to worm their way into a Slack channel that EA employees use. Once there, they gained access into the company’s corporate network by basically fooling IT support into letting them in, as reported on Vice.
When the data breach was done, the hackers made off with the source codes for FIFA and the Frostbite engine, two of the biggest assets that EA has. Polygon reports that a total of 780 GB of data was stolen, which apparently also included some dev kits and proprietary frameworks.
Electronic Arts is the second big-name game developer and publisher to suffer a data breach after “Cyberpunk 2077” dev CD Projekt Red also had their source codes and dev kits stolen.
Read also: EA: Hackers Stole 780 GB of Game Data, Source Codes of Frostbite Engine Following ‘Battlefield 2042’s’ Reveal
Electronic Arts and Cybersecurity Lapses
EA now joins the roster of major industry players who have suffered cyberattacks within the past few months, and it was all caused by something that seemed as harmless as website cookies.
Remember those times when websites you visited for the first time asked that you allow “cookies?” For those of you who don’t know, the main purpose of website cookies is to save your data so you can load the website faster the next time you visit. Among the data that often gets saved are login credentials.
(Photo : Getty Images )
That’s what the Electronic Arts hackers used to gain access to the company’s networks. The reason? It allowed them to pose as legitimate employees by using a certain person’s details. It’s kind of scary if you think about it because website cookies are commonly used all over the web.
It’s one of the main reasons why some browsers such as Mozilla Firefox introduced cookie protection measures, which protected their users from online tracking. The reveal of how the hack was accomplished thrust forward EA’s apparent cybersecurity oversight into the limelight.
So far, there’s no news about the 780 GB of stolen data from Electronic Arts being peddled online for millions of dollars. That is what happened (and is currently happening) to CD Projekt Red right now.
But since the studio is an industry giant, it’s not bad to assume that the hackers will expect some form of monetary kickback, one way or another.
Related: CD Projekt Red Says Stolen Data From Four Months Ago is Circulating Online, Including Data of Employees and Contractors
This article is owned by Tech Times
Written by RJ Pierce
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.