Cybercriminals have stolen 780GB of valuable data, including source code for FIFA 21, from game publisher Electronic Arts (EA) and posted it for sale on underground forums.
The attackers also claimed to have stolen source code for EA’s proprietary Frostbite game engine, which is used to run many other high-profile games.
Source code is the basic building blocks of a computer program and is usually displayed as plain text. Someone with access to source code could modify it or reverse engineer parts of a product, such as a video game.
EA, the publisher behind gaming franchises including FIFA, Battlefield and The Sims, said it had no evidence player data was stolen during the hack.
According to Motherboard, which first reported the news, the hackers broke into EA systems after tricking an employee over Slack to provide a login token. It gained access to the Slack channel used by EA after buying stolen cookies for $10, a representative for the hackers told the tech news site.
Once inside the cybercrooks requested a multifactor authentication token from EA’s IT team. This granted them access to EA’s corporate network, which then allowed them to download the source code, along with software development kits.
In a statement, EA said: “We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy.
“Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business.”
EA has contacted law enforcement other experts while it investigates the hack.
In the last seven months, cybercriminals have also targeted gaming companies Capcom and CD Projekt Red.
Jan Vojtesek, malware researcher at antivirus company Avast, said cybercriminals target big corporations because they can provide a “good return of investment”.
“In this case, FIFA 21 is a highly popular game within the franchise with a solid customer base, and this can be taken advantage of by the attackers in different ways to make a profit,” Vojtesek said. “For example selling it to competitors or to game hacking businesses who could use the source code to look for bugs and create cheat tools, hold it ransom, modify the code and insert malware to infect those who would buy it pirated.”