Front-page

EA has been hacked, suffering a data breach and stolen source code

XIZ5fkZ.png

Just shortly before Summer Games Fest began, Electronic Arts confirmed to a reporter at Vice that the company had been recently hacked, with an unidentified person or group stealing about 780GB of data from the publisher. The hacker responsible then took to a webforum, listing the contents of the data breach for sale, including the source code for FIFA 21, FIFA 22's debug tools, the entire source code for EA's Frostbite engine, certain private SDK and API keys, and more.

Source Code Sale Listing said:
We sell the FIFA 21 full src code and tools

debug tools, SDK And api keys
FIFA 21 matchmaking server
FIFA 22 api keys and some SDK & debugging tools
FrostBite src code & debug tools
Many proprietary EA games frameworks & SDKs
XBOX & SONY private SDK & api key
XB PS & EA pfx & crt with key (currently used)

You have full capability of exploiting on all ea services

Total dump = 780 GB
Click to expand...

The breach apparently took place on June 6th, and utilized some form of "intrusion into [EA's| network". According to them, no data related to their customers or players was accessed or is at risk. They're also currently working with the Presque Isle Police Department in order to find out the person responsible. This is the continuation of a streak of data breaches affecting major game publishers, with Nintendo, Capcom, and most recently, CD Projekt Red all falling victim to them.

EA's Official Response said:
An amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.
Click to expand...

:arrow: Source
 
  • Like
Reactions: Peloisan, 64bitmodels, yoofo and 28 others
Click to expand...
driverdis

driverdis

I am Justice
Member
Level 12
Joined
Sep 21, 2011
Messages
2,867
Trophies
2
Age
31
Location
1.048596β
XP
2,838
Country
United States
One of these days, hackers will catch on that the keys from Nintendo,Sony, and Microsoft for signing executables as genuine will be what everyone wants. The Xbox One is the only system other than PS5 to not have any CFW or backup game support even on old firmwares.
 
  • Like
Reactions: ILuvGames
codezer0

codezer0

Gaming keeps me sane
Member
Level 14
Joined
Jul 14, 2009
Messages
3,576
Trophies
2
Location
The Magic School Bus
XP
4,530
Country
United States
driverdis said:
One of these days, hackers will catch on that the keys from Nintendo,Sony, and Microsoft for signing executables as genuine will be what everyone wants. The Xbox One is the only system other than PS5 to not have any CFW or backup game support even on old firmwares.
Click to expand...
At least to Microsoft's credit, all you really need to run unsigned code on an Xbox One, is a $20 payment to add dev privileges onto your XBL account. After that, you can sideload whatever you wanna run onto any Xbox One you're logged into.
 
  • Like
Reactions: driverdis
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,973
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,001
Country
United States
My question is, why are dev studios dumb enough to have their stuff online to begin with? If I was a game dev studio, none of the development machines would have internet access in the first place. The game files would be on a central intranet server, also offline. The ones that keep their game files online are just asking for it.
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,840
Country
Poland
Not sure if this was reported yet, but apparently the intrusion was a result of social engineering and not a network exploit. The "hackers" tricked an IT support employee over Slack into allowing them to use their authenticator, pretending that they "lost their phone during a party" and as such they had no access to EA's internal 2FA. The employee supplied them with a token, and upon receiving it the hackers logged on, downloaded everything they could lay their hands on and hightailed off the scene. This once again proves that the weakest link of any network is still the human.

https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
 
  • Like
Reactions: gamesquest1 and Payne
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,973
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,001
Country
United States
driverdis said:
One of these days, hackers will catch on that the keys from Nintendo,Sony, and Microsoft for signing executables as genuine will be what everyone wants. The Xbox One is the only system other than PS5 to not have any CFW or backup game support even on old firmwares.
Click to expand...
You know... I've always wondered why the keys can't be derived from comparing enough signed files. Yeah, the keys are encrypted, but they use the same hash every time. You'd think that would be a pretty easy win.
 
BeastMode6

BeastMode6

Well-Known Member
Member
Level 5
Joined
Sep 27, 2015
Messages
109
Trophies
0
Age
47
XP
560
Country
United States
No Skate source? No source from when EA sports was actually good (2004ish era)? Who the hell wants the FIFA 21 source code?

What the hell was the point of this?
 
Tiger21820

Tiger21820

Well-Known Member
Newcomer
Level 7
Joined
May 6, 2010
Messages
99
Trophies
1
Age
31
Location
AREA UNKNOWN
Website
www.nintendo3dscentral.com
XP
995
Country
United States
The hackers REALLY should have also deleted the original data from EA after downloading it! That REALLY would have ruined their day! Talk about missed opportunities...

But still, it gets us one step closer to putting EA out of business! I really think that hackers should have deleted the data from the source after downloading it!

These hackers are heroes!
 
Last edited by Tiger21820,
codezer0

codezer0

Gaming keeps me sane
Member
Level 14
Joined
Jul 14, 2009
Messages
3,576
Trophies
2
Location
The Magic School Bus
XP
4,530
Country
United States
Jayro said:
You know... I've always wondered why the keys can't be derived from comparing enough signed files. Yeah, the keys are encrypted, but they use the same hash every time. You'd think that would be a pretty easy win.
Click to expand...
In theory, the signing should be randomized as well. It was Sony's famous blunder where their package signing was with one of the unknowns being the same variable every time regarding PS3 and PSP games.
 
  • Like
Reactions: Jayro
D

Deleted member 668561

GBAtemp Official Psychonaut
Banned
Level 11
Joined
Jan 29, 2008
Messages
1,875
Trophies
0
Location
somewhere within 4 dimensional space-time
XP
2,654
Country
United States
codezer0 said:
At least to Microsoft's credit, all you really need to run unsigned code on an Xbox One, is a $20 payment to add dev privileges onto your XBL account. After that, you can sideload whatever you wanna run onto any Xbox One you're logged into.
Click to expand...


Where full hardware access/control?
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,973
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,001
Country
United States
Tiger21820 said:
The hackers REALLY should have also deleted the original data from EA after downloading it! That REALLY would have ruined their day! Talk about missed opportunities...

But still, it gets us one step closer to putting EA out of business! I really think that hackers should have deleted the data from the source after downloading it!

These hackers are heroes!
Click to expand...
Yeah, imagine someone deletes their entire frostbite engine, and they're forced to either reverse-engineer it out of a compiled game, or start fresh again. Either way would be rough.
 
  • Like
Reactions: Deleted member 668561
CMDreamer

CMDreamer

Well-Known Member
Member
Level 13
Joined
Oct 29, 2014
Messages
1,688
Trophies
1
Age
38
XP
3,479
Country
Mexico
With that Fifa source code, now anyone interested and with the ability to do so, can create more bad sports games... Just what "we" needed!

Nicely done EA, nicely done...
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,840
Country
Poland
Nearly everybody in this thread is a big dumb-dumb who should be ashamed of themselves. Corporations are not people - they're considered "people" in the legal sense, but in reality, they're *made out of people*.

Do you think a lowly IT tech support guy at the bottom of the ladder gets any kaching because EA executives choose to monetise games via microtransactions? Do you think that EA's army of developers, including programmers, artists, writers, sound engineers and other industry experts *choose* to sell their work piecemeal because they want a second yacht for Christmas? Do you think this kind of intrusion will "teach" the corporation anything at all, that "this'll show'em"? No, those kinds of decisions are made in boardrooms by chairmen who do not care about your experience playing EA products, they care about sales.

The people affected by this leak are not the people who stuff their pillows with money, they're the people who exchange blood, sweat and a fair bit of sleep crunching to provide you with entertainment, and as of late, they've been providing a lot of it with hits like Apex Legends, Jedi: Fallen Order, Squadrons and even more innovative titles like It Takes Two. No high level executive will feel a substantial impact of this event, but a few low-level employees will get the sack - some rightfully so, some not so much.

The "boo hoo EA bad" meme is a cringe opinion. Vote with your wallet, by all means - if you're against microtransactions, don't buy crappy downloadable content or lootboxes. With that being said, cheering on as a company that employs droves of industry experts gets their data stolen makes you look supremely dumb.

It's as if you were cheering on a Wal-Mart getting looted because big company bad, blissfully unaware of the fact that the Wal-Mart corporation likely has a sophisticated insurance policy and incurs minimal losses. You know who that kind of thing does harm? The minimum wage employees that no longer have a workplace to return to until the store is renovated and new stock arrives, if the location reopens at all.

Good job, you really are at the forefront of the revolution, congrats.
 
  • Like
Reactions: MamaLuigiS and Deleted member 668561
MamaLuigiS

MamaLuigiS

Well-Known Member
Newcomer
Level 2
Joined
May 8, 2020
Messages
73
Trophies
0
Age
24
XP
191
Country
United States
Foxi4 said:
Nearly everybody in this thread is a big dumb-dumb who should be ashamed of themselves. Corporations are not people - they're considered "people" in the legal sense, but in reality, they're *made out of people*.

Do you think a lowly IT tech support guy at the bottom of the ladder gets any kaching because EA executives choose to monetise games via microtransactions? Do you think that EA's army of developers, including programmers, artists, writers, sound engineers and other industry experts *choose* to sell their work piecemeal because they want a second yacht for Christmas? Do you think this kind of intrusion will "teach" the corporation anything at all, that "this'll show'em"? No, those kinds of decisions are made in boardrooms by chairmen who do not care about your experience playing EA products, they care about sales.

The people affected by this leak are not the people who stuff their pillows with money, they're the people who exchange blood, sweat and a fair bit of sleep crunching to provide you with entertainment, and as of late, they've been providing a lot of it with hits like Apex Legends, Jedi: Fallen Order, Squadrons and even more innovative titles like It Takes Two. No high level executive will feel a substantial impact of this event, but a few low-level employees will get the sack - some rightfully so, some not so much.

The "boo hoo EA bad" meme is a cringe opinion. Vote with your wallet, by all means - if you're against microtransactions, don't buy crappy downloadable content or lootboxes. With that being said, cheering on as a company that employs droves of industry experts gets their data stolen makes you look supremely dumb.

It's as if you were cheering on a Wal-Mart getting looted because big company bad, blissfully unaware of the fact that the Wal-Mart corporation likely has a sophisticated insurance policy and incurs minimal losses. You know who that kind of thing does harm? The minimum wage employees that no longer have a workplace to return to until the store is renovated and new stock arrives, if the location reopens at all.

Good job, you really are at the forefront of the revolution, congrats.
Click to expand...
EA Bad lol
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Nintendo Switch firmware 18.0.0 has been released

Atmosphere CFW for Switch updated to pre-release version 1.7.0, adds support for firmware 18.0.0

Wii U and 3DS online services shutting down today, but Pretendo is here to save the day

GBAtemp Exclusive  Introducing tempBOT AI - your new virtual GBAtemp companion and aide (April Fools)

Pokemon fangame hosting website "Relic Castle" taken down by The Pokemon Company

The first retro emulator hits Apple's App Store, but you should probably avoid it

MisterFPGA has been updated to include an official release for its Nintendo 64 core

Delta emulator now available on the App Store for iOS

General chit-chat
Help Users
    Xdqwerty @ Xdqwerty: aeiou