Earlier this year, CD Projekt Red fell victim to a massive data breach that resulted in source code being sold and other information being pandered. While some in the gaming community made jokes about this following the release of Cyberpunk 2077, many failed to understand another dangerous side of this type of hack: employee personal information being sold, including home addresses. The Polish studio is far from the only studio to be hit with this kind of breach, and now another major company is reporting stolen data.
In a report that broke from Motherboard, EA is the latest company that has been hacked. Of the data stolen, there is source code to FIFA 21 as well as a plethora of valuable developer tools not limited to just the Frostbite engine. According to the initial report, the hackers are looking to sell the source code – not unlike what happened to CD Projetk Red – for an undisclosed dollar amount. The total amount of data is reportedly up to 780GB’s worth.
EA is looking into the incident. A spokesperson told BBC, “We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen.” They also added that no player data has been accessed, and at this time there is no reason to believe that any player privacy is at risk. EA also confirmed that the proper authorities have been contacted.
“This incident demonstrates the fact that even high-tech organizations are vulnerable to potential data breaches,” known security advocate Erich Kron tells Game Informer. “In this case, the source code for several products, some very valuable and costly to produce intellectual property, has been stolen by the cybercriminals and offered on the open market. Interestingly, at this time, it appears they did not attempt to ransom the data back to EA, but instead chose to offer it to the highest bidder. If this data includes a significant amount of proprietary information, it may be valuable to competitors, or it may include information or vulnerabilities that could be used in future attacks against EA products or customers with installed EA games.”
He added, “Unfortunately, these successful attacks are often a byproduct of human error. Reused passwords or harvested credentials are common ways for attackers to gain access to systems and networks. For this reason, it is a wise move for organizations to regularly educate employees about potential attack vectors and the importance of being vigilant for attacks that may target them. In addition, robust Data Loss Prevention controls can help spot when sensitive data may be moving out of the victim’s network and play an important role in an organization’s layered security strategy.”