Hackers steal Electronic Arts’ code for FIFA, Madden, and Battlefield video games ‘worth $28m’

780GB of data was stolen from the publisher

Adam Smith
Friday 11 June 2021 10:59 BST
Comments
(Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers have stolen source code for many of the top video games published by Electronic Arts (EA).

Online forums show that on 6 June, hackers claimed to have accessed 780GB of data from the publisher, including the code for Frostbite – the game engine for the FIFA, Madden, and Battlefield franchises. For comparison, the most expensive iPhone 12 device will hold 256GB of data.

This information could be used by developers looking to copy EA properties, or create cheat codes and hacks for games.

"You have full capability of exploiting on all EA services," the hackers claimed in blog posts, which are locked from public view.

The theft includes the source code for FIFA 21, as well as its matchmaking service for FIFA 22, and proprietary EA frameworks and software development kits (SDKs).

The hackers are apparently trying to sell the information, providing screenshots of a small amount of the data that they gathered, according to Vice, which first reported the news. "Only serious and rep [reputation] members all other would be ignored," the hackers apparently wrote in a post.

The threat actor selling EA’s data who claims to have stolen the code – as well as points used as in-game currency – will apparently sell the information for $28 million, according to BleepingComputer, who reportedly spoke to the hacker.

The person would not say how they accessed EA’s network, but shared screenshots of directory listings and source code to prove that the stolen information is legitimate.

"We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," an EA spokesperson said in a statement.

"No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."

EA added that it was not a ransomware attack that allowed the breach to happen, the spokesperson also told CNN.

“This is not the usual attack as it is likely not financially motivated. Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight,” Jake Moore, Cybersecurity Specialist at ESET, told The Independent.

“There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in