EA hit by a data breach and hackers are selling source code

0

Motherboard is reporting that EA has fallen victim to hackers, who wiped the source code in order to FIFA 21, the Frostbite engine (which isn’t just behind) EA .’s football/soccer series, but also Battlefield), and other game development tools. The hackers reportedly advertise that the data is for sale on hacking forums, but that they will only consider offers from known members of the hacking community.

Source code is a big problem in programming, so it’s a big problem when companies lose control over it, and the game industry has seen some massive thefts recently: hackers stole CD Projekt Red’s source code for Cyberpunk 2077 and The Witcher 3 in February and in July 2020, Nintendo saw the source code for many SNES and Nintendo 64 games, including Super Mario Kart and an unreleased Zelda game, released in the wild in what has been named the “Nintendo Gigaleak.”

While it’s unlikely that other reputable developers would use EA’s code on purpose, hackers who can see the inner workings of a game or engine could help them make cheats or cracks – it can also reveal secret projects and game ideas, or developer comments that companies would rather not see the light of day. Breaches are also not very good for a company’s reputation.

In addition to EA’s proprietary code and tools, the hackers claim they also have Microsoft Xbox and Sony SDKs and API keys for sale. Here’s a screenshot obtained by BleepingComputer who claims that hackers have a total of 780 GB of stolen data:

Microsoft and Sony tools may also be available for purchase.
Screenshot by BleepingComputer

An EA spokesperson confirmed that The edge that hackers stole “a limited amount of game source code and related tools”, and said the hackers had no access to player data. They also said the company had improved its security after the hack and does not expect any impact on its games or business. EA was clear to us that unlike the recent series of cybersecurity incidents we’ve seen, this was not a ransomware attack and that it is working with law enforcement to investigate the incident.