EA Games hacked, stolen data selling for $28 million

Edward Kost
Edward Kost
June 15, 2021

Gaming giant Electronic Arts (EA games) has lost 780 GB of sensitive gaming data in a recent data breach.

The hackers compromised the company’s Frostbite engine which gave them access to the source codes of multiple EA games alongside Software Development Kits (SDKs) and property gaming frameworks.

How was EA games hacked?

The cyber criminals gained access to the data treasure trove through the gaming company’s Slack channel.

First, the hackers purchased stolen cookies linked to EA’s Slack channel for $10. Browsers use cookies to save credentials to speed up the login process. The hackers exploited the cookies, logged in as the compromised employee, and message the IT department, telling them that they lost their phone and needed help with multifactor authentication to log into the corporate network.

The unsuspecting IT representative obliged, and the hackers went to work.

The cybercriminals posted the stolen treasure trove on a dark web forum, where it’s currently for sale for $28 million.

Hackers posted evidence of stolen EA source code on the dark web - source: bleepingcomputer.com

The reason for the avaricious price tag is due to the depth of further compromise that’s possible if the stolen data is intelligently leveraged.

Firstly, the threat actors boast that they gained access to all of EA”s services which means the new owner will be capable of exploiting all of them.

And secondly, with access to the source codes of two wildly popular EA products - Frostbite game engine and FIFA 21 - a cyber criminal could develop gaming cheats.

The market for gaming cheats is huge. Earlier this year, the world’s biggest game-cheat enterprise was busted in a collaborative effort between Chinese police and Tencent known as, operation “Chicken Drumstick.” 

The criminal organization generated approximately $76 million in revenue selling gaming cheats though a subscription model starting at $10 a day.

Luxury cars among the assets seized during operation "Chicken Drumstick" - Source: BBC.com

The clandestine application of these cheats could help gamers win millions at gaming tournaments, or at the very least, improve their online reputation. This is why the demand for gaming cheats is so high.

It’s an unsettling period for EA gamers. Electronic Arts says its users shouldn’t suffer privacy breaches, but with so many options for exploitation, the impact of this breach will only be known after the black market sale is complete.

How secure is Electronic Arts?

Electronic Arts Inc. (EA) is an American video game company headquartered in Redwood City, California.
  • Check icon
    View our free preliminary report on Electronic Arts’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating