Advertisement

Hackers reportedly used EA Games’ Slack to breach network, access source code

Hackers tricked the company's IT support to get access to corporate systems, it seems.
A gamer plays the video game ‘FIFA 19' developed and published by Electronic Arts (EA)(Photo Illustration by Chesnot/Getty Images)

Hackers who reportedly stole valuable source code from games company Electronic Arts did so by first infiltrating the company’s Slack, a representative for a group claiming credit for the attack told Motherboard.

For just $10, the hackers purchased a cookie that allowed them to infiltrate the $5 billion company’s Slack. They then posed as an employee to convince at IT administrator to grant them authentification to get into the company’s corporate network.

The EA hack, first reported by Motherboard, included some game source code and related tools. No player data was accessed in the breach and the company does not expect the hack to impact its games, EA said in a statement.

EA did not immediately respond to an email asking for verification of the hackers’ claims that they leveraged Slack to carry out the operation.

Advertisement

The attack highlights the vulnerabilities created by workplace communication technologies, which have skyrocketed in use during the pandemic. The switch to remote workspaces has created new ways for cybercriminals to target organizations, though many companies have been slow to adjust their security practices for the new reality.

“We have to update the protocols we use for ID verification because when a lot of these protocols were written we were in the office together — we could talk to each other, we could see each other’s faces,” says Rachel Tobac, a hacker and CEO of the vendor SocialProof Security.

Tobac recommends that IT professionals use two forms of communication to confirm an individual’s identity before fulfilling their request. For instance, if a user makes a request for system access over Slack, send them a reset via their corporate email.

“Many times an attacker hasn’t popped everything at once,” she says.

IT support hacks can also work in other ways. The perpetrator of a 2020 Twitter hack involving multiple high-profile accounts posed as an IT support operator to trick employees into handing over credentials.

Advertisement

Now, the theft of EA’s source code could create a host of problems for the company, researchers note.

“The danger of this attack lies primarily in the fact that the source code of FIFA 21 and other games has been stolen,” Boris Larin, senior security researcher at Kaspersky’s GReAT, said in a statement. “FIFA 21 is of primary interest to the attackers as the game has its own virtual currency, which is in high demand.”

The FBI has gone after hackers for allegedly defrauding the game’s currency before.

Hackers first started offering the EA source code in early May, according to researchers at Intel 471.  Other groups jumped in to offer the same data this week, though it’s unclear which group is the original source.

Researchers at Akamai have noticed a rise in attacks against the gaming industry over the past year.

Advertisement

“Gaming companies have an additional attack surface: the games themselves,” Steve Ragan, a security researcher at Akamai, wrote in an email. “There’s also still a big market for cheat codes, cracks, and mods in the gaming industry that criminals take advantage of every day.”

Both game makers Capcom and CD Projekt Red — best known for the game Cyberpunk 2077 — suffered ransomware attacks within the past year, with source code being auctioned off.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts