Criminals claim to have stolen 780 GB of data after accessing the systems of the video game company Electronic Arts (EA). The attackers claim to have access to all EA services and are offering the information on dark web forums for $28 million. The information they say they have stolen includes the source code of several games, such as FIFA 21 and The Sims, the Frostbite graphics engine used in several of the company's video games (such as Battlefield), development tools and other types of information.
As explained by the Motherboard site, which reported the attack and the details of the information offered by the criminals, EA confirmed that it suffered a data breach and that the affected information is what the attackers say they have in their possession. The company also stated that the malicious actors did not gain access to any user data, so there is no risk to privacy. It also says it has made security improvements and does not expect the incident to impact the business or its games in any way.
They managed to steal the data after tricking an employee through Slack into handing over an access token.
The plan began with the purchase of cookies on the Internet for 10 dollars. The attackers then used these cookies to gain access to a Slack channel used by EA since, as the outlet explains, cookies can store data from a particular user's access credentials and could give an attacker the opportunity to log in to that service as if they were the legitimate person.
Once inside Slack, they contacted an employee from the support area and, posing as the legitimate user, made him believe that they had lost their phone. In this way, the attacker obtained the authentication token that allowed him to access the EA corporate network.
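From the defender's side, the cookie reuse described above can be spotted by comparing where a session was created with where it is later used. The following Python sketch is an added example, not code from EA, Slack or Motherboard; the event fields, action names and sample log entries are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical normalized access-log record; field names are assumptions.
Event = namedtuple("Event", "ts session_id user ip user_agent action")

# Constructed sample events (not real Slack or EA logs).
SAMPLE_EVENTS = [
    Event("2021-06-01T09:00:00Z", "s-1a2b", "alice", "198.51.100.10", "Slack/4.16 Windows", "login"),
    Event("2021-06-01T09:05:00Z", "s-1a2b", "alice", "198.51.100.10", "Slack/4.16 Windows", "message"),
    Event("2021-06-02T02:14:00Z", "s-1a2b", "alice", "203.0.113.77", "Mozilla/5.0 Linux", "message"),
    Event("2021-06-02T02:20:00Z", "s-1a2b", "alice", "203.0.113.77", "Mozilla/5.0 Linux", "dm_to_it_support"),
    Event("2021-06-01T10:00:00Z", "s-9f8e", "bob", "198.51.100.22", "Slack/4.16 macOS", "login"),
    Event("2021-06-01T10:30:00Z", "s-9f8e", "bob", "198.51.100.22", "Slack/4.16 macOS", "message"),
]

def find_replayed_sessions(events):
    """Flag session cookies used from a client other than the one that logged in."""
    origin = {}   # session_id -> (ip, user_agent) recorded at login
    alerts = []
    # ISO 8601 UTC timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e.ts):
        seen = (ev.ip, ev.user_agent)
        if ev.action == "login":
            origin[ev.session_id] = seen
            continue
        expected = origin.get(ev.session_id)
        if expected is None or seen == expected:
            continue  # no baseline in this window, or same client as at login
        changed = [name for name, now, then
                   in zip(("ip", "user_agent"), seen, expected) if now != then]
        # An IP change alone is common (roaming, VPN); both changing is stronger.
        severity = "high" if len(changed) == 2 else "low"
        alerts.append({"session_id": ev.session_id, "user": ev.user, "ts": ev.ts,
                       "action": ev.action, "changed": changed, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

A high-severity alert on a session that then messages IT support is the pattern to route to the help desk before any authentication token is reissued.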
Attacks on the video game industry are not new. Several investigations have revealed details of campaigns by sophisticated groups that have tried to affect video game companies through supply chain attacks, as was the case in 2019 with an attack by the Winnti group on video game developers in Asia with the aim of distributing malware as part of legitimate software, and then in 2020 with a new backdoor. The same happened earlier this year in what was dubbed Operation NightScout, this time targeting video game players.
But beyond these highly complex attacks, in 2020 alone there have been several cases of security breaches involving video game companies: the case of Capcom, which suffered a ransomware attack and information leak; the attack on Valve in April of last year that led to the leak of the source code for Counter Strike and Team Fortress 2; the leaking of the source code of classic Nintendo games in what became known as Gigaleak, in addition to the compromise of 300,000 Nintendo user accounts with personal information, or more recently the ransomware attack on CD Projekt Red that led to the theft of the Cyberpunk 2077 source code.
In 2020, an Akamai report showed that credential stuffing attacks on video game companies and users grew during the pandemic, and that nearly 10 billion attempts of this type of attack were recorded in a year and a half.
The reality is that there are several reasons that could explain this growth in the interest of malicious actors in this industry.
For example, the large sums of money it moves make developers and users financially attractive to attackers.
To get an idea of what this industry represents compared to other entertainment sectors, according to data from Goldman Sachs, the audience of video game content on platforms such as YouTube or Twitch is higher than that recorded by consumers of HBO, Netflix and ESPN combined.
Some reports, such as the one recently prepared by BlackCloak, consider as another possible reason the fact that companies in this industry do not operate under the same regulatory standards as financial or health companies, which are obliged to develop strict security measures to protect their users' data. The report also points to the bad security practices of senior executives of video game companies when creating and managing passwords: more than 80% of the passwords of these senior officials circulate in plain text in clandestine forums on the dark web.