Hackers have stolen source code for many of the top video games published by Electronic Arts (EA).
Online forums show that on 6 June, hackers claimed to have accessed 780GB of data from the publisher, including the code for Frostbite – the game engine for the FIFA, Madden, and Battlefield franchises. For comparison, the most expensive iPhone 12 device will hold 256GB of data.
This information could be used by developers looking to copy EA properties, or create cheat codes and hacks for games.
“You have full capability of exploiting on all EA services,” the hackers claimed in blog posts, which are locked from public view.
The theft includes the source code for FIFA 21, as well as its matchmaking service for FIFA 22, and proprietary EA frameworks and software development kits (SDKs).
The hackers are apparently trying to sell the information, providing screenshots of a small amount of the data that they gathered, according to Vice, which first reported the news. “Only serious and rep [reputation] members all other would be ignored,” the hackers apparently wrote in a post.
The threat actor selling EA’s data who claims to have stolen the code – as well as points used as in-game currency – will apparently sell the information for $28 million, according to BleepingComputer, who reportedly spoke to the hacker.
The person would not say how they accessed EA’s network, but shared screenshots of directory listings and source code to prove that the stolen information is legitimate.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson said in a statement.
“No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
EA added that it was not a ransomware attack that allowed the breach to happen, the spokesperson also told CNN.
“This is not the usual attack as it is likely not financially motivated. Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight,” Jake Moore, Cybersecurity Specialist at ESET, told The Independent.
“There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack.”