Hackers reportedly claimed that they've stolen game data and source code for games like FIFA 21 and Frostbite.
The hackers said that they've hacked into game publisher Electronic Arts' internal systems, and stole a total of 780 GB of data, including “proprietary EA frameworks and software development kits,” information on PlayStation VR and other development tools.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA representative said.
It is said that the hackers managed to access EA’s internal systems through workplace chat platform Slack, which plenty of companies use for online communication.
At first, the hackers said that they've obtained access to an EA Slack channel using “stolen cookies” that were sold on the internet for just $10.
After gaining access to one of EA's Slack channels, the hackers pose as one of the teams, to then messaged the company's IT department for support explaining that they had lost their phone at a party the previous night.
Through social engineering trick, the hackers managed to tricking one of EA's employees to provide a login token over Slack.
It's through this method that the hackers gained access to the company's corporate network.
Once inside, the hackers discovered a service used by EA for compiling games and were able to successfully log in. From there, they started downloading the data they found, as well as accessing additional services that are only meant for internal uses.
When EA finally realized that something went wrong, the hackers were already gone with hundreds of gigabytes of stolen data.
Fortunately, “no player data was accessed, and we have no reason to believe there is any risk to player privacy,” the spokesperson for the company said, noting that EA has “already made security improvements” in response to the hack.
"We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," the spokesperson said.
"No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we've already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."
The attack highlights the vulnerabilities created by workplace communication technologies, which have skyrocketed in use since the 'COVID-19' coronavirus pandemic.
As more people work remotely, their workspace that shifted from the office to the internet, created new ways for cybercriminals to target organizations.
While many have precautions and security practices in place to thwart attacks, many of the rest are still slow in their adjustments.
And here, EA was among them that failed to secure their communication methods properly.
This incident was first reported by Motherboard.