The Week in Breach – Hackers Steal $28M Worth of Data from Game Giant EA

Make sure to add us or contact us for the latest news



Hackers Breach EA Corporate Network and Steal Source Code


Gaming giant Electronic Arts (EA) has been hit by a major data breach that has allegedly seen hackers gain access to its corporate network and steal 780GB of source code, SDKs and other proprietary tools.

According to Vice, after the hackers broke into the company’s network, they took to underground hacking forums where they posted messages detailing the kinds of data they were able to steal from EA.

In their forum posts, the hackers claimed they were able to obtain the source code for FIFA 21 and the code for the game’s matchmaking server. They also allegedly acquired the source code and tools for EA’s Frostbite engine that powers the Battlefield, FIFA, Madden and Need for Speed franchises among other games.

Apparently, the hackers were also able to get their hands on proprietary EA frameworks and the company’s software development kits (SDKs) used by its developers to make games.

BleepingComputer spoke to the threat actor selling EA’s data who claims to have stolen the full FIFA source, EA game clients, and points used as in-game currency.

In-game points have been known to be used by cybercriminals for money laundering purposes.

When asked how they gained access to EA’s network they would not provide further details.

Stolen EA data worth $28 million

The attackers claim to have access to all of EA’s services, telling customers willing to pay $28 million for the stolen data that they will also gain “full capability of exploiting on all ea services,” as first reported by Motherboard.

In all, the hackers claim to have stolen a massive trove of data from EA’s network, including:

They also shared screenshots of directory listings and source code as proof that the stolen information is legitimate.

BleepingComputer found the attackers’ posts promoting the stolen data on various marketplaces and hacking forums using Kela’s Dark Beast intelligence service.

EA data theft

 

An EA spokesperson confirmed to The Verge that hackers stole “a limited amount of game source code and related tools,” and said that the hackers didn’t have access to player data. They also said that the company had improved its security following the hack, and doesn’t expect an impact on its games or business. EA was clear to us that, unlike the recent string of cybersecurity incidents we’ve seen, this was not a ransomware attack, and that it’s working with law enforcement to investigate the incident

Sources:

https://www.techradar.com/news/battlefield-2042-and-fifa-maker-ea-suffers-huge-data-breach-heres-all-you-need-to-know

https://www.bleepingcomputer.com/news/security/hackers-breach-gaming-giant-electronic-arts-steal-game-source-code/

https://www.theverge.com/2021/6/10/22528003/ea-data-breach-frostbite-fifa-internal-tools-hack


Dark Web ID’s Top Threats This Week


 


Electronic Arts Inc (EA)

https://www.reuters.com/business/hackers-steal-wealth-data-ea-vice-2021-06-10/

Exploit: Hacking

Electronic Arts Inc: Game Developer

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.355= Extreme

Electronic Arts (EA) has announced that it is investigating a data breach. Cybercriminals stole valuable corporate data from the company including game source code and related tools. Early reports noted that hackers had stolen source codes for the popular title “FIFA 21” and source code and tools for the Frostbite engine. Researchers estimate that 780 gigabytes of data was snatched then advertised for sale on underground hacking forums.

Customers Impacted: Unknown

How It Could Affect Your Business: Hackers are always interested in proprietary data and corporate secrets, the 3rd most popular category for theft. They’re easy money in the busy dark web data markets.

IntegraMSP to the Rescue: Are you ready for the next risk? Find useful data to inform security decisions including our predictions for the biggest risks of 2021 in The Global Year in Breach 2021READ IT NOW>>

Edward Don

https://www.bleepingcomputer.com/news/security/foodservice-supplier-edward-don-hit-by-a-ransomware-attack/

Exploit: Ransomware

Edward Don: Foodservice Distributor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.816 = Severe

Foodservice equipment distributor Edward Don has been hit by a ransomware attack. The incident has disrupted their business operations, including their phone systems, network and email. As a result, employees have been driven to using personal Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues. The incident is under investigation and full functionality was quickly restored,

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.

IntegraMSP to the Rescue: NEW! Go behind the scenes of ransomware to see who gets attacked, who gets paid and what’s next on the hit list in Ransomware Exposed! DOWNLOAD NOW>>

McDonald’s Corp: Fast Food Chain

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.606= Moderate

McDonald’s Corp. said hackers exposed US business information and some customer data in South Korea and Taiwan. The attackers accessed e-mails, phone numbers and delivery addresses. The company reported that it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. The announcement noted that the burger chain does not believe any customer payment data was stolen but cautioned that there may be employee data exposed.

Individual Impact: There has not yet been confirmation that sensitive personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your  Business Cyberattacks that focus on obtaining corporate or business data are increasingly troubling because each one adds more sensitive data to the dark web that can be used against other businesses.

IntegraMSP to the Rescue:  Increase the chance of speeding past pitfalls to victory when you boost cyber resilience for every customer using the tips in the ID Agent eBook The Road to Cyber ResilienceDOWNLOAD IT NOW>


Intuit

https://www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-compromised-turbotax-accounts/

Exploit: Account Takeover (ATO)

Intuit: Financial Software Developer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612= Severe

Accounting software giant Intuit has notified customers that they have suffered a breach. The company warned users of TurboTax that their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit announced that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to gain access to the accounts.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.832= Severe

Intuit notified potentially impacted clients by mail that information contained in a prior year’s tax return or current tax returns in progress including their name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions) and information of other individuals contained in the tax return may have been exposed.

Customers Impacted: Unknown

How it Could Affect Your Business Clients expect a high level of information security from companies that they trust with their personal and financial information, and may stop doing business with companies that fail to protect it.

IntegraMSP to the Rescue:  Make sure you’re protecting the access points to your clients’ assets with strong security, including strong passwords with the ID Agent Build Better Passwords eBook. GET IT>>

Sol Oriens

https://www.techtimes.com/amp/articles/261472/20210615/revil-hacking-group-s-ransomware-attack-nuclear-weapons-contractor-sol.htm

Exploit: Ransomware

Sol Oriens: Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.337= Severe

REvil has struck again, this time against a tiny but important target in the defense sector. Sol Oriens, which consults for the US Department of Energy’s National Nuclear Safety Administration, is a 50-person firm based in Albuquerque, New Mexico. Researchers noted finding Sol Oriens documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident although some sources are reporting that human resources data is in the mix.

Customers Impacted: Unknown

How it Could Affect Your Business This seemingly small attack could pack big consequences. Ransomware gangs have been increasingly focused on hitting strategic targets that service major clients.

IntegraMSP to the Rescue: Secure your data and systems against today’s nastiest threat with Ransomware 101, the most popular eBook, to guide you through how to secure your business effectively. READ IT>>

Volkswagen Group of America

https://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/

Exploit: Third- Party Data Breach

Volkswagen Group of America: Automotive Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.825 = Severe

Volkswagen US has announced that it has suffered a data breach impacting millions of US customers and prospective customers. the car company released information saying that a data breach at a vendor has exposed data on more than 3.3 million buyers and prospective buyers in North America. An unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.213 = Severe

The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured. According to Volkswagen, the majority of people impacted had phone numbers and email addresses exposed, but some clients had their driver’s license information stolen as well. In some cases, information about a vehicle purchased, leased, or inquired about was also obtained. VW said 90,000 Audi customers and prospective buyers also had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.

Customers Impacted: 3.3 million

How it Could Affect Your Business: Attacks on data processors and other essential service providers have escalated as cybercriminals look for big data scores and information that facilitates more cybercrimes.

IntegraMSP to the Rescue: Third-party and supply chain risk growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third-Party and Supply Chain RiskDOWNLOAD IT>>

New York City Law Department

https://www.nytimes.com/2021/06/07/nyregion/cyberattack-law-department-nyc.html

Exploit: Ransomware

New York City Law Department: Municipal Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.633 = Severe

The New York City Law Department experienced a cyberattack that impacted its computer systems, forcing it to shut down its technology. The network also had to be disconnected from other city systems for safety. Systems are being restored slowly and the FBI is investigating along with New York police.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks that strike at government and infrastructure targets frequently use ransomware to get the job done, and no matter how big or small, no organization is safe.

IntegraMSP to the Rescue: Are your clients maintaining strong security? The Security Awareness Champion’s Guide shows you how to close vulnerabilities fast! GET IT>>


Carter’s

https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/

Carter’s: Children’s Clothier

Exploit: Third Party Data Breach

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.331 = Severe

In a new disclosure, baby clothing giant Carter’s admitted that it had suffered a data breach through a third-party data processor, exposing the personal data of hundreds of thousands of its customers over a multiyear period. The service provider, Linc, handled automation for online purposes. The Linc system was used to send customers shortened URLs containing everything from purchase details to tracking information without basic security protections.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your  Business: Every business has relationships with other businesses, and every relationship they have creates risk. Protecting companies from supply chain risk is imperative.

IntegraMSP to the Rescue: Are all of your clients protected from this kind of risk? Use our Cybersecurity Risk Protection Checklist to make sure you’ve dotted the “I”s and crossed the “T”s. DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.