EA got hit by a data breach, and hackers are selling source code

Motherboard is reporting that EA has fallen victim to hackers, who made away with the source code to FIFA 21, the Frostbite engine (which is behind not only EA’s soccer/football series, but Battlefield as well), and other game development tools. The hackers are reportedly advertising that the data is for sale on hacking forums, but that they’ll only consider offers from big-name members of the hacking community.

Source code is a big deal in programing, so it’s a big deal when companies lose control over it, and the gaming industry has seen some huge thefts recently: hackers stole CD Projekt Red’s source code for Cyberpunk 2077 and The Witcher 3 in February and in July of 2020, Nintendo saw the source code for many SNES and Nintendo 64 games, including Super Mario Kart and an unreleased Zelda game, released into the wild in what’s been dubbed the “Nintendo Gigaleak.”

While it’s unlikely that other reputable developers would use EA’s code on purpose, hackers being able to see the inner workings of a game or engine could help them craft cheats or cracks — it could also reveal secret projects and game ideas, or developer comments that companies would rather not see the light of day. Breaches also aren’t terribly great for a company’s reputation.

In addition to EA’s own proprietary code and tools, the hackers claim they have Microsoft Xbox and Sony’s SDKs and API keys available for sale as well. Here’s a screenshot obtained by BleepingComputer that claims hackers have a total of 780GB worth of stolen data:

Microsoft and Sony tools may also be for sale.Screenshot by BleepingComputer

An EA spokesperson confirmed to The Verge that hackers stole “a limited amount of game source code and related tools,”and said that the hackers didn’t have access to player data. They also said that the company had improved its security following the hack, and doesn’t expect an impact on its games or business. EA was clear to us that, unlike the recent string of cybersecurity incidents we’ve seen, this was not a ransomware attack, and that it’s working with law enforcement to investigate the incident.

Leave a Reply

%d bloggers like this: